From: Simon Horman <horms@kernel.org>
To: tomasz.unger@yahoo.pl
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] nfc: pn544: i2c: Replace strcpy() with strscpy()
Date: Wed, 25 Feb 2026 09:39:17 +0000 [thread overview]
Message-ID: <aZ7DRf4U7urXmmAE@horms.kernel.org> (raw)
In-Reply-To: <20260224072242.32551-1-tomasz.unger@yahoo.pl>
On Tue, Feb 24, 2026 at 08:22:42AM +0100, tomasz.unger@yahoo.pl wrote:
> From: Tomasz Unger <tomasz.unger@yahoo.pl>
>
> strcpy() does not limit the number of bytes copied which can lead to
> buffer overflow. Replace with strscpy() which is safer as it limits
> the copy to the size of the destination buffer.
>
> Compilation testing:
> - checkpatch.pl: 0 errors, 0 warnings
> - make drivers/nfc/pn544/i2c.o: compiled successfully
>
> Signed-off-by: Tomasz Unger <tomasz.unger@yahoo.pl>
I am wondering if this is more of a cleanup, or more of a bug fix.
IOW, can an overflow actually occur?
Assuming that firmware_name is derived from user input I would suspect
that this is a bug fix. In which case it should be targeted at net.
Subject: [PATCH net] ...
And have a Fixes tag denoting the commit that introduced the problem.
It should go immediately above your Signed-off-by line; no blank line in
between.
Otherwise it would be best to explicitly target this patch at
the net-next tree:
Subject: [PATCH net-next] ...
AI generated review flagged that this looks like a bug fix.
> ---
> drivers/nfc/pn544/i2c.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/nfc/pn544/i2c.c b/drivers/nfc/pn544/i2c.c
> index a0dfb3f98d5a..7261e12aa6b5 100644
> --- a/drivers/nfc/pn544/i2c.c
> +++ b/drivers/nfc/pn544/i2c.c
> @@ -526,7 +526,7 @@ static int pn544_hci_i2c_fw_download(void *phy_id, const char *firmware_name,
>
> pr_info("Starting Firmware Download (%s)\n", firmware_name);
>
> - strcpy(phy->firmware_name, firmware_name);
> + strscpy(phy->firmware_name, firmware_name, sizeof(phy->firmware_name));
phy->firmware_name is an array.
So you can use the two-argument variant of strscpy() here.
>
> phy->hw_variant = hw_variant;
> phy->fw_work_state = FW_WORK_STATE_START;
--
pw-bot: changes-requested
next prev parent reply other threads:[~2026-02-25 9:39 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20260224072242.32551-1-tomasz.unger.ref@yahoo.pl>
2026-02-24 7:22 ` [PATCH] nfc: pn544: i2c: Replace strcpy() with strscpy() tomasz.unger
2026-02-25 9:39 ` Simon Horman [this message]
[not found] <20260219192416.97654-1-tomasz.unger.ref@yahoo.pl>
2026-02-19 19:24 ` tomasz.unger
2026-02-19 19:37 ` Jakub Kicinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aZ7DRf4U7urXmmAE@horms.kernel.org \
--to=horms@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=tomasz.unger@yahoo.pl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.