[PATCH] tools: include: add proper strscpy() declaration

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] tools: include: add proper strscpy() declaration
@ 2026-05-04 21:23 Lucas Poupeau
  2026-05-04 21:38 ` Maxwell Doose
  0 siblings, 1 reply; 3+ messages in thread
From: Lucas Poupeau @ 2026-05-04 21:23 UTC (permalink / raw)
  To: jpoimboe, pmladek; +Cc: m32285159, linux-kernel, Lucas Poupeau

Currently, strscpy() is defined as a macro for strcpy() in the tools
headers. This is unsafe and prevents using the real strscpy() logic
that provides better buffer overflow protection.

Remove the macro hack and add a proper extern declaration for
strscpy(). This allows tools to use the safer string copying API
once the implementation is provided.

Suggested-by: Maxwell Doose <m32285159@gmail.com>
Signed-off-by: Lucas Poupeau <lucasp.linux@gmail.com>
---
 tools/include/linux/string.h |  5 ++++-
 tools/lib/string.c           | 37 ++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/tools/include/linux/string.h b/tools/include/linux/string.h
index 51ad3cf4fa82..4f3547d0cd84 100644
--- a/tools/include/linux/string.h
+++ b/tools/include/linux/string.h
@@ -12,7 +12,6 @@ void argv_free(char **argv);
 
 int strtobool(const char *s, bool *res);
 
-#define strscpy strcpy
 
 /*
  * glibc based builds needs the extern while uClibc doesn't.
@@ -30,6 +29,10 @@ extern size_t strlcpy(char *dest, const char *src, size_t size);
 #endif
 #endif
 
+extern ssize_t strscpy(char *dest, const char *src, size_t count);
+
+char *str_error_r(int errnum, char *buf, size_t buflen);
+
 char *str_error_r(int errnum, char *buf, size_t buflen);
 
 char *strreplace(char *s, char old, char new);
diff --git a/tools/lib/string.c b/tools/lib/string.c
index 3126d2cff716..12fabbe583cf 100644
--- a/tools/lib/string.c
+++ b/tools/lib/string.c
@@ -36,6 +36,43 @@ void *memdup(const void *src, size_t len)
 	return p;
 }
 
+/**
+ * strscpy - Copy a C-string into a sized buffer
+ * @dest: Where to copy the string to
+ * @src: Where to copy the string from
+ * @count: Size of destination buffer
+ *
+ * Copy the source string to the destination buffer. The result is
+ * always a valid NUL-terminated string that fits in the buffer.
+ *
+ * Return:
+ * * The number of characters copied (not including the trailing NUL)
+ * * -E2BIG if count is 0 or @src was truncated.
+ */
+ssize_t strscpy(char *dest, const char *src, size_t count)
+{
+	size_t res = 0;
+
+	if (count == 0)
+		return -E2BIG;
+
+	while (count) {
+		char c = src[res];
+
+		dest[res] = c;
+		if (!c)
+			return res;
+		res++;
+		count--;
+	}
+
+	/* Hit buffer length without finding a NUL; force NUL-termination. */
+	if (res)
+		dest[res-1] = '\0';
+
+	return -E2BIG;
+}
+
 /**
  * strtobool - convert common user inputs into boolean values
  * @s: input string
-- 
2.54.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] tools: include: add proper strscpy() declaration
  2026-05-04 21:23 [PATCH] tools: include: add proper strscpy() declaration Lucas Poupeau
@ 2026-05-04 21:38 ` Maxwell Doose
  2026-05-04 21:47   ` Maxwell Doose
  0 siblings, 1 reply; 3+ messages in thread
From: Maxwell Doose @ 2026-05-04 21:38 UTC (permalink / raw)
  To: Lucas Poupeau; +Cc: jpoimboe, pmladek, linux-kernel

On Mon, May 4, 2026 at 4:23 PM Lucas Poupeau <lucasp.linux@gmail.com> wrote:
>
> Currently, strscpy() is defined as a macro for strcpy() in the tools
> headers. This is unsafe and prevents using the real strscpy() logic
> that provides better buffer overflow protection.
>
> Remove the macro hack and add a proper extern declaration for
> strscpy(). This allows tools to use the safer string copying API
> once the implementation is provided.
>
> Suggested-by: Maxwell Doose <m32285159@gmail.com>
> Signed-off-by: Lucas Poupeau <lucasp.linux@gmail.com>
>
[snip]
>
> +extern ssize_t strscpy(char *dest, const char *src, size_t count);
> +
> +char *str_error_r(int errnum, char *buf, size_t buflen);
> +
>  char *str_error_r(int errnum, char *buf, size_t buflen);
>

Looks like you have a duplicate definition here.

best regards,
max




>
>  char *strreplace(char *s, char old, char new);
> diff --git a/tools/lib/string.c b/tools/lib/string.c
> index 3126d2cff716..12fabbe583cf 100644
> --- a/tools/lib/string.c
> +++ b/tools/lib/string.c
> @@ -36,6 +36,43 @@ void *memdup(const void *src, size_t len)
>         return p;
>  }
>
> +/**
> + * strscpy - Copy a C-string into a sized buffer
> + * @dest: Where to copy the string to
> + * @src: Where to copy the string from
> + * @count: Size of destination buffer
> + *
> + * Copy the source string to the destination buffer. The result is
> + * always a valid NUL-terminated string that fits in the buffer.
> + *
> + * Return:
> + * * The number of characters copied (not including the trailing NUL)
> + * * -E2BIG if count is 0 or @src was truncated.
> + */
> +ssize_t strscpy(char *dest, const char *src, size_t count)
> +{
> +       size_t res = 0;
> +
> +       if (count == 0)
> +               return -E2BIG;
> +
> +       while (count) {
> +               char c = src[res];
> +
> +               dest[res] = c;
> +               if (!c)
> +                       return res;
> +               res++;
> +               count--;
> +       }
> +
> +       /* Hit buffer length without finding a NUL; force NUL-termination. */
> +       if (res)
> +               dest[res-1] = '\0';
> +
> +       return -E2BIG;
> +}
> +
>  /**
>   * strtobool - convert common user inputs into boolean values
>   * @s: input string
> --
> 2.54.0
>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] tools: include: add proper strscpy() declaration
  2026-05-04 21:38 ` Maxwell Doose
@ 2026-05-04 21:47   ` Maxwell Doose
  0 siblings, 0 replies; 3+ messages in thread
From: Maxwell Doose @ 2026-05-04 21:47 UTC (permalink / raw)
  To: Lucas Poupeau; +Cc: jpoimboe, pmladek, linux-kernel

On Mon, May 4, 2026 at 4:38 PM Maxwell Doose <m32285159@gmail.com> wrote:
>
> On Mon, May 4, 2026 at 4:23 PM Lucas Poupeau <lucasp.linux@gmail.com> wrote:
> >
> > Currently, strscpy() is defined as a macro for strcpy() in the tools
> > headers. This is unsafe and prevents using the real strscpy() logic
> > that provides better buffer overflow protection.
> >
> > Remove the macro hack and add a proper extern declaration for
> > strscpy(). This allows tools to use the safer string copying API
> > once the implementation is provided.
> >
> > Suggested-by: Maxwell Doose <m32285159@gmail.com>
> > Signed-off-by: Lucas Poupeau <lucasp.linux@gmail.com>
> >
> [snip]
> >
> > +extern ssize_t strscpy(char *dest, const char *src, size_t count);
> > +
> > +char *str_error_r(int errnum, char *buf, size_t buflen);
> > +
> >  char *str_error_r(int errnum, char *buf, size_t buflen);
> >
>
> Looks like you have a duplicate definition here.
>
> best regards,
> max
>

Also would be worth checking sashiko's report:
https://sashiko.dev/#/patchset/20260504212301.63750-1-lucasp.linux%40gmail.com

best regards,
max

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2026-05-04 21:47 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-04 21:23 [PATCH] tools: include: add proper strscpy() declaration Lucas Poupeau
2026-05-04 21:38 ` Maxwell Doose
2026-05-04 21:47   ` Maxwell Doose

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox