[PATCH] w1: therm: Replace deprecated strcpy with strscpy in alarms_store

[PATCH] w1: therm: Replace deprecated strcpy with strscpy in alarms_store

[Thorsten Blum]

strcpy() is deprecated because it can overflow when the destination
buffer is not large enough for the source string. Replace it with
strscpy(), which avoids overflows and guarantees NUL-termination.

Link: https://github.com/KSPP/linux/issues/88
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
 drivers/w1/slaves/w1_therm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/w1/slaves/w1_therm.c b/drivers/w1/slaves/w1_therm.c
index 9ccedb3264fb..fcd7aab5b52d 100644
--- a/drivers/w1/slaves/w1_therm.c
+++ b/drivers/w1/slaves/w1_therm.c
@@ -1849,7 +1849,7 @@ static ssize_t alarms_store(struct device *device,
 			__func__, -ENOMEM);
 		return size;
 	}
-	strcpy(p_args, buf);
+	strscpy(p_args, buf, size);
 
 	/* Split string using space char */
 	token = strsep(&p_args, " ");
-- 
2.51.0

Re: [PATCH] w1: therm: Replace deprecated strcpy with strscpy in alarms_store

[Krzysztof Kozlowski]

On 17/10/2025 19:00, Thorsten Blum wrote:
> strcpy() is deprecated because it can overflow when the destination
> buffer is not large enough for the source string. Replace it with

It cannot overflow. Look at the code - memory is allocated for the size.

> strscpy(), which avoids overflows and guarantees NUL-termination.

Maybe NUL-termination is missing, could be.

Anyway please write commit msg describing this exact code, not a generic
one for work replacing strcpy(). Your generic commit msg is just not
applicable here.

And even there, just look at the code - why exactly cannot it be
simplified into ksrtdup?



Best regards,
Krzysztof

Re: [PATCH] w1: therm: Replace deprecated strcpy with strscpy in alarms_store

[Thorsten Blum]

On 20. Oct 2025, at 09:01, Krzysztof Kozlowski wrote:
> On 17/10/2025 19:00, Thorsten Blum wrote:
>> strcpy() is deprecated because it can overflow when the destination
>> buffer is not large enough for the source string. Replace it with
> 
> It cannot overflow. Look at the code - memory is allocated for the size.

The sysfs buffer passed to alarms_store() is allocated with 'size + 1'
bytes to include a NUL terminator. However, the 'size' argument does not
account for this extra byte.

And since 'p_args' is allocated with only 'size' bytes and strcpy()
copies 'buf' until the first '\0' at index 'size', strcpy() writes one
byte past the end of 'p_args'.

Using kstrdup() fixes this issue, as it allocates 'strlen(buf) + 1'
bytes and copies the NUL terminator safely.

I would also remove the misleading comment, drop dev_warn(), and return
-ENOMEM on allocation failure.

Would this work for you?

diff --git a/drivers/w1/slaves/w1_therm.c b/drivers/w1/slaves/w1_therm.c
index 9ccedb3264fb..94512f8b60f5 100644
--- a/drivers/w1/slaves/w1_therm.c
+++ b/drivers/w1/slaves/w1_therm.c
@@ -1841,15 +1841,9 @@ static ssize_t alarms_store(struct device *device,
	s8 tl, th;	/* 1 byte per value + temp ring order */
	char *p_args, *orig;

-	p_args = orig = kmalloc(size, GFP_KERNEL);
-	/* Safe string copys as buf is const */
-	if (!p_args) {
-		dev_warn(device,
-			"%s: error unable to allocate memory %d\n",
-			__func__, -ENOMEM);
-		return size;
-	}
-	strcpy(p_args, buf);
+	p_args = orig = kstrdup(buf, GFP_KERNEL);
+	if (!p_args)
+		return -ENOMEM;

	/* Split string using space char */
	token = strsep(&p_args, " ");

Re: [PATCH] w1: therm: Replace deprecated strcpy with strscpy in alarms_store

[David Laight]

On Mon, 20 Oct 2025 09:01:08 +0200
Krzysztof Kozlowski <krzk@kernel.org> wrote:

> On 17/10/2025 19:00, Thorsten Blum wrote:
> > strcpy() is deprecated because it can overflow when the destination
> > buffer is not large enough for the source string. Replace it with  
> 
> It cannot overflow. Look at the code - memory is allocated for the size.
> 
> > strscpy(), which avoids overflows and guarantees NUL-termination.  
> 
> Maybe NUL-termination is missing, could be.
> 
> Anyway please write commit msg describing this exact code, not a generic
> one for work replacing strcpy(). Your generic commit msg is just not
> applicable here.
> 
> And even there, just look at the code - why exactly cannot it be
> simplified into ksrtdup?

Or use a different function for numeric conversion that behaves like
the userspace strtoul() family and returns a pointer to the character
that fails the conversion - and then check it is a space.

Then there isn't any need to copy the string at all.

	David

> 
> 
> 
> Best regards,
> Krzysztof
>