From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-yw1-f174.google.com (mail-yw1-f174.google.com [209.85.128.174])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id C84BC26CE1E
	for <linux-kernel@vger.kernel.org>; Mon,  4 May 2026 18:09:38 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.174
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1777918180; cv=none; b=SQJ/pCw85tA2+JF3f5ohL907Xhmm1S3hfYjOrqkSWuDuht678tln3aNRFp3Fuv/7ns70wSCuRgouN7t+eo5bX0wb8n5F0Yn6G4nVGqa2UW9abteSApowaZHeAhkMPdNQmgrEKflAXwnQqNHk9+D8Vc8YcG0nxs3MPCwurzbwb5c=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1777918180; c=relaxed/simple;
	bh=zrdfpnzV395yK4H9FKGGBZswGo2p1cuxa003EiaAwbM=;
	h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From:
	 In-Reply-To:Content-Type; b=XQ8ji52D8ueO76R5ubDqup/djSWcmVBUz2zcq9rzRWjpqq5TH3y4taAFTVKQFgZtO/LVykHw1X8EpexhErE/eEXVnoOQYkxO53DjOVUtTDNXhpcr3SDimvO1xwMPZ4EKl1GG40ry4c7fqnEj3aKahBhRdwfAD5Z30DA30KIh5a4=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=g41+Js8t; arc=none smtp.client-ip=209.85.128.174
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="g41+Js8t"
Received: by mail-yw1-f174.google.com with SMTP id 00721157ae682-7bd5c773ef3so51572337b3.1
        for <linux-kernel@vger.kernel.org>; Mon, 04 May 2026 11:09:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20251104; t=1777918178; x=1778522978; darn=vger.kernel.org;
        h=content-transfer-encoding:in-reply-to:content-language:from
         :references:cc:to:subject:user-agent:mime-version:date:message-id
         :from:to:cc:subject:date:message-id:reply-to;
        bh=HDrEC/bbBf8LmPd2aHj2+GbHdkESbtD2hxIp9kN8Yo4=;
        b=g41+Js8tH0agPoZyJmNqeqlkiwsnw71jXhHLSIWosl+Ks6uXMbTYujUqgjqi1sxFUY
         J2iMCqtSknetCke0AYogq/sReOdYo2exexmRrvMXjrr/dIPEY/6DfLuk6qwA4urm9zgn
         k7m4LHXYRAKneNCWvMsVg2NRi5n4Ry4/rVXsgfmWAHJTilbjhZnD9Kc0ZDMeVcQaqnYN
         Bvq/JPZJnMns90b5Z3JuplwdnTz3uaHNorvIqwK9FTM9D9j/7sQ4dYbWTrSgGlA9Q1ms
         XDVwpk8cPU9o5ssJ6ndO/13CBq2iUxbYP6ld8Yb6CMO8URNyCqUlt4oGJywZicKrq/3Z
         KMnQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1777918178; x=1778522978;
        h=content-transfer-encoding:in-reply-to:content-language:from
         :references:cc:to:subject:user-agent:mime-version:date:message-id
         :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=HDrEC/bbBf8LmPd2aHj2+GbHdkESbtD2hxIp9kN8Yo4=;
        b=l84G7URqL/YeJ011nXZk/T50+f1A+eZCE19eWraafoWJri5AvcvDyMFm7H9f3Bkg3B
         oMbaz+AJIQnI1kx/XzQ1dsmpHLVsplQVNpWCS9w9PO+sbfXHiNtHTxgA3VcuJ3Z1rlkY
         EJeQWWdOoOHkazqOfWxhtK6UAl+iZpgcDLRRycRF1+x7cugF/1poKtKbAyeUSv5elm2w
         /puXdYltR53Udq+KNnI1bCet7xrmGQjmFNXlu1/zuLw6ujGcNxMHxq/WfKgvJZKxvaRV
         qQWzMImh8Kp+SzG2WCOkSu10NHGMhC5crnr4dpbUnVitpvcK+4UJgodjVqUtnh9aAk4W
         LGrQ==
X-Forwarded-Encrypted: i=1; AFNElJ81XQHUcrKP2mDdft2xJJUbKi+0JSkQ8uMfefyAt1X1h3Ja2DJzYLHWA0tBgVOaW6eD+9yyZ01FTOLpH8Y=@vger.kernel.org
X-Gm-Message-State: AOJu0YxdE+kuxt0nQCkhB3MffJu/tmYbT9e2MqBI+GRPJ19wDb3yjCG0
	eCuubymg7Tmgwt1jwtS9l1WssB3f6j1erWTE2aUOvIDIs2tsaj4zPFpf4+gQPlxWrQ==
X-Gm-Gg: AeBDies4BOaDyclHBW361H8NvGR7U1HqEjXM6YxKTNzgGapoI4rKsekciwSREvxc9t2
	4M30u5PqavpyQp2mMD0Ul/jIxBsVr2mG2+IwrAzKFOgB9H+ZyHjgoGMjx6J/XoUVRQEf2MJssOk
	T+C+vhs9s07oqAsxcNkRNgO8DbxQacXEkHRPPgoXKpEwE/3/K0i9igd9qcJAc2YuiOUjcMrnWEM
	o2HXIccobn+Y0MzGp4OutWNrc42IHsdlA/oamZ6BS3aawelid1P2BtlEnDrg2alHAtfW74XZi5L
	eRHp+h25nsoRc1gd7LC3tWhGfLdv02EXffbS6LsX8cVVdfHUwPEGm+A6zUzPvSIKmLZfHGMsSRW
	PWk0ononaXFBD0TMQ/XabVo1hWCZy9Oz02rQI8e+1sO6b5dh9FKVTkh6hrCoSMzNK9QtrNo21cF
	QljzzZ8m8Q4PYK0asOJ5QhY8mGA4fFJx0TJaz9iqDd/EYFsE+27JQQvQc+TICPnYqKAHPHEmT7h
	WC6lByBZ/rDjp/+AhH3
X-Received: by 2002:a05:690c:a018:b0:7b8:9418:7605 with SMTP id 00721157ae682-7bd7710e854mr105008447b3.38.1777918177380;
        Mon, 04 May 2026 11:09:37 -0700 (PDT)
Received: from ?IPV6:2600:1700:4570:89a0:8a86:6cfb:83b6:4f09? ([2600:1700:4570:89a0:8a86:6cfb:83b6:4f09])
        by smtp.gmail.com with ESMTPSA id 00721157ae682-7bd66885907sm53217837b3.43.2026.05.04.11.09.36
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Mon, 04 May 2026 11:09:36 -0700 (PDT)
Message-ID: <ad51b3a7-341b-4549-bb14-04260c35f999@google.com>
Date: Mon, 4 May 2026 11:09:25 -0700
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH] usb: typec: tcpm: replace strcpy with strscpy
To: David Laight <david.laight.linux@gmail.com>
Cc: Maxwell Doose <m32285159@gmail.com>, badhri@google.com,
 heikki.krogerus@linux.intel.com, gregkh@linuxfoundation.org,
 linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org
References: <20260419213638.38291-2-m32285159@gmail.com>
 <0643586e-e665-4592-b941-2868fca84322@google.com>
 <20260429095445.11b7302e@pumpkin>
From: Amit Sunil Dhamne <amitsd@google.com>
Content-Language: en-US
In-Reply-To: <20260429095445.11b7302e@pumpkin>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

Hi David,

On 4/29/26 1:54 AM, David Laight wrote:
> On Thu, 23 Apr 2026 12:23:09 -0700
> Amit Sunil Dhamne <amitsd@google.com> wrote:
>
>> Hi Maxwell,
>>
>> On 4/19/26 2:36 PM, Maxwell Doose wrote:
>>> The function strcpy() is deprecated as it can be used in buffer overflow
>>> attacks. This patch replaces strcpy() with strscpy() to improve
>>> security and stability.
>>>
>>> Signed-off-by: Maxwell Doose <m32285159@gmail.com>
>>> ---
>>>   drivers/usb/typec/tcpm/tcpm.c | 6 +++---
>>>   1 file changed, 3 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c
>>> index 8e0e14a2704e..69574c5e79e1 100644
>>> --- a/drivers/usb/typec/tcpm/tcpm.c
>>> +++ b/drivers/usb/typec/tcpm/tcpm.c
>>> @@ -725,7 +725,7 @@ static void _tcpm_log(struct tcpm_port *port, const char *fmt, va_list args)
>>>   
>>>   	if (tcpm_log_full(port)) {
>>>   		port->logbuffer_head = max(port->logbuffer_head - 1, 0);
>>> -		strcpy(tmpbuffer, "overflow");
>>> +		strscpy(tmpbuffer, "overflow", sizeof(tmpbuffer))
>>>   	}
>>>   
>>>   	if (port->logbuffer_head < 0 ||
>>> @@ -841,10 +841,10 @@ static void tcpm_log_source_caps(struct tcpm_port *port)
>>>   					  pdo_spr_avs_apdo_15v_to_20v_max_current_ma(pdo),
>>>   					  pdo_spr_avs_apdo_src_peak_current(pdo));
>>>   			else
>>> -				strcpy(msg, "undefined APDO");
>>> +				strscpy(msg, "undefined APDO", sizeof(msg));
>>>   			break;
>>>   		default:
>>> -			strcpy(msg, "undefined");
>>> +			strscpy(msg, "undefined", sizeof(msg));
>>>   			break;
>>>   		}
>>>   		tcpm_log(port, " PDO %d: type %d, %s",  
>> This has already been fixed as part of [1].
> It is also 'not a fix'.
> strcpy() is fine for copying literal strings into arrays.
> With the kernel headers you get a compile error from strcpy() if the string
> is too long.
> OTOH strscpy() will truncate overlong strings.

Thanks for the explanation :) .


> 	David
>
>> [1] https://patch.msgid.link/20260310094434.3639602-5-aichao@kylinos.cn
>>
>>
>> BR,
>>
>> Amit
>>
>>