| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAD=FV=VnvUUG7qE_RDKfos1H-baZUT8V5vKx2QNRX14OZ0QnwA@mail.gmail.com>
Date: Tue, 12 Aug 2025 09:24:55 -0700
From: Doug Anderson <dianders@...omium.org>
To: Thorsten Blum <thorsten.blum@...ux.dev>
Cc: Jason Wessel <jason.wessel@...driver.com>, Daniel Thompson <danielt@...nel.org>,
Justin Stitt <justinstitt@...gle.com>, linux-hardening@...r.kernel.org,
Daniel Thompson <daniel@...cstar.com>, kgdb-bugreport@...ts.sourceforge.net,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] kdb: Replace deprecated strcpy() with memmove() in vkdb_printf()
Hi,
On Tue, Aug 12, 2025 at 6:27 AM Thorsten Blum <thorsten.blum@...ux.dev> wrote:
>
> strcpy() is deprecated and its behavior is undefined when the source and
> destination buffers overlap. Use memmove() instead to avoid any
> undefined behavior.
>
> Adjust comments for clarity.
>
> Link: https://github.com/KSPP/linux/issues/88
> Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev>
> ---
> Changes in v2:
> - Use memmove() because of strcpy()'s undefined behavior with
> overlapping buffers as suggested by Doug Anderson
> - Compile-tested only
> - Link to v1: https://lore.kernel.org/lkml/20250811170351.68985-1-thorsten.blum@linux.dev/
> ---
> kernel/debug/kdb/kdb_io.c | 14 ++++++++------
> 1 file changed, 8 insertions(+), 6 deletions(-)
Much nicer, thank you!
Given that the old code was officially relying on undefined behavior
of strcpy() before, I'd personally even add:
Fixes: 5d5314d6795f ("kdb: core for kgdb back end (1 of 2)")
In any case:
Reviewed-by: Douglas Anderson <dianders@...omium.org>
Powered by blists - more mailing lists