Hi, On Sun, Jul 18, 2021 at 10:42:42PM +0300, Andy Shevchenko wrote: > On Sun, Jul 18, 2021 at 4:43 PM Len Baker <len.baker@xxxxxxx> wrote: > > > > strcpy() performs no bounds checking on the destination buffer. This > > could result in linear overflows beyond the end of the buffer, leading > > to all kinds of misbehaviors. The safe replacement is strscpy() but in > > this case it is simpler to add NULL to the first position since we want > > to empty the string. > > > This is a previous step in the path to remove the strcpy() function. > > Any document behind this (something to read on the site(s) more or > less affiliated with what is going to happen in the kernel) to read > background? This is a task of the KSPP (kernel self protection project) [1] [1] https://github.com/KSPP/linux/issues/88 > > ... > > > case -1: > > i++; > > /* make debug message */ > > - strcpy(msg, ""); > > + msg[0] = 0; > > Strictly speaking it should be '\0'. Ok, understood. > > > j = i + 1; > > while (par->init_sequence[j] >= 0) { > > sprintf(str, "0x%02X ", par->init_sequence[j]); > > > -- > With Best Regards, > Andy Shevchenko Thanks for the feedback, Len
