From: David Laight <david.laight.linux@gmail.com>
To: Andreas Hindborg <a.hindborg@kernel.org>
Cc: Kees Cook <kees@kernel.org>,
linux-hardening@vger.kernel.org, Arnd Bergmann <arnd@kernel.org>,
linux-kernel@vger.kernel.org, Breno Leitao <leitao@debian.org>
Subject: Re: [PATCH next] fs: Replace strcpy(s, "../") with memcpy(s, "../", 4)
Date: Mon, 22 Jun 2026 11:17:40 +0100 [thread overview]
Message-ID: <20260622111740.63820fc2@pumpkin> (raw)
In-Reply-To: <87se6fdkb2.fsf@t14s.mail-host-address-is-not-set>
On Mon, 22 Jun 2026 10:57:21 +0200
Andreas Hindborg <a.hindborg@kernel.org> wrote:
> David Laight <david.laight.linux@gmail.com> writes:
...
> > I just looked at the code again, the final '- 1' on the 'size = ...'
> > line looks very odd.
>
> It's to leave space for a null char at the end. `fill_item_path` writes
> the path from the last segment to the first.
But wouldn't that be a '+ 1' ?
It might be alright because (IIRC) the length is initialised to one
in the helper function.
>
> > I wonder if it would be simpler to merge all three functions into
> > something with a single loop that builds the name/name part backwards
> > from the end of the buffer while adding "../" on the front and then
> > calling memmove() to put the two together.
>
> The current implementation is difficult to read for sure. It would be
> nice if we can make it more simple to parse.
I dislike code that does two passes, one to work out the size and the
second to do the work. All too easy for them to get out of sync.
One of the pathname functions (but I don't know if this code is used for it)
lets the string start part way down the supplied buffer.
If it is that case then it could be a lot simpler.
It also wouldn't do any hard to try embedding the 'char name[PATH_MAX]'
in a structure - so the size is passed implicitly and the compiler can
check and humans know what they can do.
David
>
> Best regards,
> Andreas Hindborg
>
prev parent reply other threads:[~2026-06-22 10:17 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CnPdNyUGjsYpAP8JdysfUf4wkBkm2a923cQ1hE4-mg0sUnJIm4Uj-cAkdVHswEsuZ3d6vhmX5eil2zLmrkfl3A==@protonmail.internalid>
2026-06-06 20:25 ` [PATCH next] fs: Replace strcpy(s, "../") with memcpy(s, "../", 4) david.laight.linux
2026-06-19 10:58 ` Andreas Hindborg
2026-06-19 13:34 ` David Laight
2026-06-22 8:57 ` Andreas Hindborg
2026-06-22 10:17 ` David Laight [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260622111740.63820fc2@pumpkin \
--to=david.laight.linux@gmail.com \
--cc=a.hindborg@kernel.org \
--cc=arnd@kernel.org \
--cc=kees@kernel.org \
--cc=leitao@debian.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.