From: David Laight <david.laight.linux@gmail.com>
To: Manuel Ebner <manuelebner@mailbox.org>
Cc: Jani Nikula <jani.nikula@intel.com>,
andy.shevchenko@gmail.com, apw@canonical.com, corbet@lwn.net,
dwaipayanray1@gmail.com, joe@perches.com, kees@kernel.org,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
lukas.bulwahn@gmail.com, skhan@linuxfoundation.org,
workflows@vger.kernel.org
Subject: Re: [PATCH 1/2] Doc: deprecated.rst: add strlcat()
Date: Tue, 12 May 2026 14:57:33 +0100 [thread overview]
Message-ID: <20260512145733.0b561c7a@pumpkin> (raw)
In-Reply-To: <46d8a5a8c8c77d3de9acfa1c55de2148fb2975c5.camel@mailbox.org>
On Tue, 12 May 2026 12:43:54 +0200
Manuel Ebner <manuelebner@mailbox.org> wrote:
> On Tue, 2026-05-12 at 11:52 +0300, Jani Nikula wrote:
> > On Sun, 10 May 2026, Manuel Ebner <manuelebner@mailbox.org> wrote:
> > > add strlcat and alternatives
> >
> > You'd think it's the strlcat() definition that needs a comment above it
> > saying it's deprecated. I don't think folks really look at
> > deprecated.rst.
>
> arch/s390/lib/string.c
> lib/string.c
> and
> tools/include/nolibc/string.h
>
> do not mentions anything about obsolete.
>
> include/linux/fortify-string.h has
>
> /* Defined after fortified strlen() to reuse it. */
> extern size_t __real_strlcat(char *p, const char *q, size_t avail) __RENAME(strlcat);
> /**
> * strlcat - Append a string to an existing string
> * [...]
> * Do not use this function. While FORTIFY_SOURCE tries to avoid
> * read and write overflows, this is only possible when the sizes
> * of @p and @q are known to the compiler. Prefer building the
> * string with formatting, via scnprintf(), seq_buf, or similar.
I'm not that advice is really that good.
The other schemes (esp scnprintf) are just as dangerous.
If the code has just done 'buf = kmalloc(size)' then strlcat(,,size)
is fine - from an overflow point of view.
strlcat() isn't really any worse than memcpy().
(unlike strncat() which was just an accident waiting to happen)
-- David
>
> should i add this to the former three files?
>
> Manuel
>
> >
> > BR,
> > Jani.
> >
> > >
> > > Signed-off-by: Manuel Ebner <manuelebner@mailbox.org>
> > > ---
> > > Documentation/process/deprecated.rst | 6 ++++++
> > > 1 file changed, 6 insertions(+)
> > >
> > > diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst
> > > index fed56864d036..b8a65c19796c 100644
> > > --- a/Documentation/process/deprecated.rst
> > > +++ b/Documentation/process/deprecated.rst
> > > @@ -162,6 +162,12 @@ if a source string is not NUL-terminated. The safe replacement is
> > > strscpy(),
> > > though care must be given to any cases where the return value of strlcpy()
> > > is used, since strscpy() will return negative errno values when it truncates.
> > >
> > > +strlcat()
> > > +---------
> > > +strlcat() must re-scan the destination string from the beginning on each
> > > +call (O(n^2) behavior). Alternatives are seq_buf_puts(), seq_buf_printf(),
> > > +snprintf() and scnprintf()
> > > +
> > > %p format specifier
> > > -------------------
> > > Traditionally, using "%p" in format strings would lead to regular address
> >
>
>
next prev parent reply other threads:[~2026-05-12 13:57 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-10 16:49 [PATCH 0/2] Doc, scripts: facilitate phaseout of strlcat Manuel Ebner
2026-05-10 16:52 ` [PATCH 1/2] [PATCH 1/2] Doc: deprecated.rst: add strlcat() Manuel Ebner
2026-05-11 11:40 ` Geert Uytterhoeven
2026-05-11 13:26 ` David Laight
2026-05-11 19:07 ` Kees Cook
2026-05-11 20:34 ` David Laight
2026-05-10 16:54 ` Manuel Ebner
2026-05-10 17:32 ` Randy Dunlap
2026-05-12 8:52 ` Jani Nikula
2026-05-12 10:43 ` Manuel Ebner
2026-05-12 13:57 ` David Laight [this message]
2026-05-13 5:53 ` Heiko Carstens
2026-05-10 16:56 ` [PATCH 2/2] scripts: checkpatch.pl: add warning for strlcat() Manuel Ebner
2026-05-10 17:31 ` Randy Dunlap
2026-05-11 12:12 ` Jonathan Corbet
2026-05-11 13:27 ` David Laight
2026-05-12 7:36 ` Manuel Ebner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260512145733.0b561c7a@pumpkin \
--to=david.laight.linux@gmail.com \
--cc=andy.shevchenko@gmail.com \
--cc=apw@canonical.com \
--cc=corbet@lwn.net \
--cc=dwaipayanray1@gmail.com \
--cc=jani.nikula@intel.com \
--cc=joe@perches.com \
--cc=kees@kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lukas.bulwahn@gmail.com \
--cc=manuelebner@mailbox.org \
--cc=skhan@linuxfoundation.org \
--cc=workflows@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.