| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <4AB5FFA3-EFF9-41FA-8204-FA66FA9D33FF@linux.dev> Date: Fri, 31 Oct 2025 13:50:28 +0100 From: Thorsten Blum <thorsten.blum@...ux.dev> To: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Cc: "Rafael J. Wysocki" <rafael@...nel.org>, Danilo Krummrich <dakr@...nel.org>, linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] platform: Replace deprecated strcpy in platform_device_alloc On 31. Oct 2025, at 13:24, Greg Kroah-Hartman wrote: > On Fri, Oct 31, 2025 at 01:18:58PM +0100, Thorsten Blum wrote: >> First, use struct_size(), which provides additional compile-time checks >> for structures with flexible array members (e.g., __must_be_array()), to >> calculate the number of bytes to allocate for a new 'platform_object'. >> >> Then, since we know the length of 'name' and that it is guaranteed to be >> NUL-terminated, replace the deprecated strcpy() with a simple memcpy(). > > This makes no sense. You are saying we know the length, and we know it > is NULL terminated, so let's be complex and do a strlen() and memcpy() > instead of a normal strcpy(). The current version already calculates strlen(name), and then strcpy() does another strlen() internally, which we can safely skip by using memcpy() directly. The current code is correct, but by removing the deprecated strcpy(), we also remove a redundant call to strlen() without any functional changes.
Powered by blists - more mailing lists