From: David Laight <david.laight.linux@gmail.com>
To: Manuel Ebner <manuelebner@mailbox.org>
Cc: Jani Nikula <jani.nikula@intel.com>,
andy.shevchenko@gmail.com, apw@canonical.com, corbet@lwn.net,
dwaipayanray1@gmail.com, joe@perches.com, kees@kernel.org,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
lukas.bulwahn@gmail.com, skhan@linuxfoundation.org,
workflows@vger.kernel.org
Subject: Re: [PATCH 1/2] Doc: deprecated.rst: add strlcat()
Date: Tue, 12 May 2026 14:57:33 +0100 [thread overview]
Message-ID: <20260512145733.0b561c7a@pumpkin> (raw)
In-Reply-To: <46d8a5a8c8c77d3de9acfa1c55de2148fb2975c5.camel@mailbox.org>
On Tue, 12 May 2026 12:43:54 +0200
Manuel Ebner <manuelebner@mailbox.org> wrote:
> On Tue, 2026-05-12 at 11:52 +0300, Jani Nikula wrote:
> > On Sun, 10 May 2026, Manuel Ebner <manuelebner@mailbox.org> wrote:
> > > add strlcat and alternatives
> >
> > You'd think it's the strlcat() definition that needs a comment above it
> > saying it's deprecated. I don't think folks really look at
> > deprecated.rst.
>
> arch/s390/lib/string.c
> lib/string.c
> and
> tools/include/nolibc/string.h
>
> do not mentions anything about obsolete.
>
> include/linux/fortify-string.h has
>
> /* Defined after fortified strlen() to reuse it. */
> extern size_t __real_strlcat(char *p, const char *q, size_t avail) __RENAME(strlcat);
> /**
> * strlcat - Append a string to an existing string
> * [...]
> * Do not use this function. While FORTIFY_SOURCE tries to avoid
> * read and write overflows, this is only possible when the sizes
> * of @p and @q are known to the compiler. Prefer building the
> * string with formatting, via scnprintf(), seq_buf, or similar.
I'm not that advice is really that good.
The other schemes (esp scnprintf) are just as dangerous.
If the code has just done 'buf = kmalloc(size)' then strlcat(,,size)
is fine - from an overflow point of view.
strlcat() isn't really any worse than memcpy().
(unlike strncat() which was just an accident waiting to happen)
-- David
>
> should i add this to the former three files?
>
> Manuel
>
> >
> > BR,
> > Jani.
> >
> > >
> > > Signed-off-by: Manuel Ebner <manuelebner@mailbox.org>
> > > ---
> > > Documentation/process/deprecated.rst | 6 ++++++
> > > 1 file changed, 6 insertions(+)
> > >
> > > diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst
> > > index fed56864d036..b8a65c19796c 100644
> > > --- a/Documentation/process/deprecated.rst
> > > +++ b/Documentation/process/deprecated.rst
> > > @@ -162,6 +162,12 @@ if a source string is not NUL-terminated. The safe replacement is
> > > strscpy(),
> > > though care must be given to any cases where the return value of strlcpy()
> > > is used, since strscpy() will return negative errno values when it truncates.
> > >
> > > +strlcat()
> > > +---------
> > > +strlcat() must re-scan the destination string from the beginning on each
> > > +call (O(n^2) behavior). Alternatives are seq_buf_puts(), seq_buf_printf(),
> > > +snprintf() and scnprintf()
> > > +
> > > %p format specifier
> > > -------------------
> > > Traditionally, using "%p" in format strings would lead to regular address
> >
>
>
next prev parent reply other threads:[~2026-05-12 13:57 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-10 16:49 [PATCH 0/2] Doc, scripts: facilitate phaseout of strlcat Manuel Ebner
2026-05-10 16:52 ` [PATCH 1/2] [PATCH 1/2] Doc: deprecated.rst: add strlcat() Manuel Ebner
2026-05-11 11:40 ` Geert Uytterhoeven
2026-05-11 13:26 ` David Laight
2026-05-11 19:07 ` Kees Cook
2026-05-11 20:34 ` David Laight
2026-05-10 16:54 ` Manuel Ebner
2026-05-10 17:32 ` Randy Dunlap
2026-05-12 8:52 ` Jani Nikula
2026-05-12 10:43 ` Manuel Ebner
2026-05-12 13:57 ` David Laight [this message]
2026-05-10 16:56 ` [PATCH 2/2] scripts: checkpatch.pl: add warning for strlcat() Manuel Ebner
2026-05-10 17:31 ` Randy Dunlap
2026-05-11 12:12 ` Jonathan Corbet
2026-05-11 13:27 ` David Laight
2026-05-12 7:36 ` Manuel Ebner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260512145733.0b561c7a@pumpkin \
--to=david.laight.linux@gmail.com \
--cc=andy.shevchenko@gmail.com \
--cc=apw@canonical.com \
--cc=corbet@lwn.net \
--cc=dwaipayanray1@gmail.com \
--cc=jani.nikula@intel.com \
--cc=joe@perches.com \
--cc=kees@kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lukas.bulwahn@gmail.com \
--cc=manuelebner@mailbox.org \
--cc=skhan@linuxfoundation.org \
--cc=workflows@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox