* [PATCH] alpha: Replace sprintf()/strcpy() with scnprintf()/strscpy()
@ 2025-04-19 11:40 Thorsten Blum
2025-04-20 0:23 ` Al Viro
0 siblings, 1 reply; 2+ messages in thread
From: Thorsten Blum @ 2025-04-19 11:40 UTC (permalink / raw)
To: Richard Henderson, Matt Turner, Arnd Bergmann, Al Viro,
Geert Uytterhoeven, Mike Rapoport (Microsoft), Guo Weikang
Cc: Thorsten Blum, linux-hardening, Andrew Morton, Paul E. McKenney,
Alexander Gordeev, linux-alpha, linux-kernel
Replace sprintf() with the safer variant scnprintf() and use its return
value instead of calculating the string length again using strlen().
Use strscpy() instead of the deprecated strcpy().
No functional changes intended.
Link: https://github.com/KSPP/linux/issues/88
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
arch/alpha/kernel/core_marvel.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/arch/alpha/kernel/core_marvel.c b/arch/alpha/kernel/core_marvel.c
index b1bfbd11980d..d38f4d6759e4 100644
--- a/arch/alpha/kernel/core_marvel.c
+++ b/arch/alpha/kernel/core_marvel.c
@@ -17,6 +17,7 @@
#include <linux/vmalloc.h>
#include <linux/mc146818rtc.h>
#include <linux/rtc.h>
+#include <linux/string.h>
#include <linux/module.h>
#include <linux/memblock.h>
@@ -79,10 +80,12 @@ mk_resource_name(int pe, int port, char *str)
{
char tmp[80];
char *name;
-
- sprintf(tmp, "PCI %s PE %d PORT %d", str, pe, port);
- name = memblock_alloc_or_panic(strlen(tmp) + 1, SMP_CACHE_BYTES);
- strcpy(name, tmp);
+ size_t sz;
+
+ sz = scnprintf(tmp, sizeof(tmp), "PCI %s PE %d PORT %d", str, pe, port);
+ sz += 1; /* NUL terminator */
+ name = memblock_alloc_or_panic(sz, SMP_CACHE_BYTES);
+ strscpy(name, tmp, sz);
return name;
}
--
2.49.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] alpha: Replace sprintf()/strcpy() with scnprintf()/strscpy()
2025-04-19 11:40 [PATCH] alpha: Replace sprintf()/strcpy() with scnprintf()/strscpy() Thorsten Blum
@ 2025-04-20 0:23 ` Al Viro
0 siblings, 0 replies; 2+ messages in thread
From: Al Viro @ 2025-04-20 0:23 UTC (permalink / raw)
To: Thorsten Blum
Cc: Richard Henderson, Matt Turner, Arnd Bergmann, Geert Uytterhoeven,
Mike Rapoport (Microsoft), Guo Weikang, linux-hardening,
Andrew Morton, Paul E. McKenney, Alexander Gordeev, linux-alpha,
linux-kernel
On Sat, Apr 19, 2025 at 01:40:11PM +0200, Thorsten Blum wrote:
> Replace sprintf() with the safer variant scnprintf() and use its return
> value instead of calculating the string length again using strlen().
>
> Use strscpy() instead of the deprecated strcpy().
FWIW, an idiomatic variant would be
size = snprintf(NULL, 0, <....>);
buffer = <allocate size + 1 bytes>
if succeeded
snprintf(buffer, size + 1, <....>);
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-04-20 0:23 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-04-19 11:40 [PATCH] alpha: Replace sprintf()/strcpy() with scnprintf()/strscpy() Thorsten Blum
2025-04-20 0:23 ` Al Viro
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox