From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-dy1-f182.google.com (mail-dy1-f182.google.com [74.125.82.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7BB0F4964F for ; Mon, 11 May 2026 01:30:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.182 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778463032; cv=none; b=fKT0upkBCa0TnGTcLCBBfF080bSXN46QttcHg7oEOcl6c/lXPA1tF5pHP4jH4PO+vi265RDsWBcB2sZPj1AE8gDBYbP4aqiiTxmSRKiSmTwDNCM90QgOpGjznzEeJfW/Dxe6zQi/WLmFyUe3VGrQPKLNWWmJfpIHszoAwTkeTCc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778463032; c=relaxed/simple; bh=JcUmuDBdK9DC1tFvRdTyF30iAp1H1FzfMDEk0X1mbEI=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=F9LH+sLXPSa/Fw7jYZJj6WXGBh4g31bgrlU2/sYRnsHqkLmpFXRswWDx/NiGm+QieSUzRgF/pgIgKkUt5+RFYe5Fkrl2vpXlEbVoFFcOeXboOHm6mU6NN7aXlz+lfu4oqM9qDNne+W+XlVFKw6IqpgPFXKQfmWRMHl+PKB9zMx0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=f1eTAQ6K; arc=none smtp.client-ip=74.125.82.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="f1eTAQ6K" Received: by mail-dy1-f182.google.com with SMTP id 5a478bee46e88-2f03d6cf77bso4096408eec.0 for ; Sun, 10 May 2026 18:30:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778463031; x=1779067831; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=igIi6LIW3IB0IGgMEC4IJNTPQST5FaY0+izMvLpd7uY=; b=f1eTAQ6KjIDZ7Hqkn1sCK8sD3e1ly900Is4Rx1wLs+aytTEoMegRJka89XZ3we4clJ y9R1LEDQeZK+4kVg5ecKvrC+5U8TY0heTIyn1MvGMjxpSgYrDmOwTQ+4WfwZiYoruLpp HLy0rQISRcW9RA8SY1ceCepbhVenh7wKrhnpmtf97ffV4LA8FBA1uDnU2xMODdVP3gTc b4AGw+KPUMuwA+VAfXDptknLy9fofcexULb5lmC+2tmN8czXpD60WeAjgYfFjLnGnnC3 0ITJAvzdUtfppv9zOuE5eie8dC5NbQSVBKMGbnnasWSLER/3VAPw87meOkIxsfNE281+ GuNA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778463031; x=1779067831; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=igIi6LIW3IB0IGgMEC4IJNTPQST5FaY0+izMvLpd7uY=; b=OBKK0sBHVjLeM8hElVLvy1i/hTIdz6rT50Dj9Qx/Mzv0ytBlC5hPZWmH4wrEBv/qDy CwT6HfNKsf4zfX2iJ2LtoQjo2SR13qcXrmqG7Fv7ggDX4ywZx+cEJ/Nw0vDyWoSR/jKa xhu+AZ5v0Hef+ZMtVGZHyMDcWDq8h1Y7ccj63e1kkx9kB1Bjs8jl9gqnkzfVy4xTbxyt xzEvEE2qWzcsUaIReEtSkc986MANvgDkqmdzoUs1Q+jUdSbP1g83W3Pplt0bCT1eilxI q3SrdYJ8YIXzCAzuOBCI++JTzDFy+mdqPg+sVKlY4LDEp2cSuQFO2YXBIH4SS+Nho2ay TLUA== X-Forwarded-Encrypted: i=1; AFNElJ+VwdS2GoNOb0N0bM7020VKGw4+0YOgTLdrtejJ9DlIie01WvPeo0nXO1VfULSyre4qJT+m7xi9/p+8cqI=@vger.kernel.org X-Gm-Message-State: AOJu0YxhzUyU+6ogEZhFWD7VdEqc4r7o9thkAJWKldrAwejjYK7qQds3 5elI9XhKgwYxn904XZxsXst9dIeeEICR+72CRVXtYLff6WJuNE6nk1xG X-Gm-Gg: Acq92OHyspn4cB6AQz9tA7AAG3JDrR7zpQhRdSORu7TMhs5VtfvUiNiVb1l7TfRaIhb 7gpuZOpyE8too0V6BnWNNNaUEx0oSmn286EdnFT4FvzR0cl4sje94h46gV8feK+foTiT+Z6fBBa 4bdb+hf2j7tFGxf979Hvv8to/6Q6p3bQo7dTMB689cerDJIohBrDilXN/PA3H/Q118LpQjN3S14 9IwCvkyHYucCxKVfIc3CPKScAllLK8hNy+AitUNgCOjqPBUZ17FRAIBlB+hMYBnKvLI6/9mMCKW KVGVfjDTYDn+S4pijsLCnXZMEJeoaYYOIsi61HRK3yOT4sKauIWTZ8I5q3JyVQGY6nvVSC/QpgB oYG9XTXIn3EFDgiDDR2SQ2B66N2NrmRLnbW+AWYmKcn76ZJWYP2jX5wNkwIINm4zQTLqzRBezRQ z5zgxs6L/N9g== X-Received: by 2002:a05:7022:52b:b0:128:d752:e074 with SMTP id a92af1059eb24-1317d8939f7mr11205857c88.1.1778463028570; Sun, 10 May 2026 18:30:28 -0700 (PDT) Received: from geday ([2804:7f2:800b:ba0c::dead:c001]) by smtp.gmail.com with ESMTPSA id a92af1059eb24-132781103e7sm14991824c88.1.2026.05.10.18.30.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 10 May 2026 18:30:27 -0700 (PDT) Date: Sun, 10 May 2026 22:30:20 -0300 From: Geraldo Nascimento To: David Laight Cc: "Alexander A. Klimov" , Shubhrajyoti Datta , Borislav Petkov , Tony Luck , Kees Cook , Arnd Bergmann , Greg Kroah-Hartman , Nick Li , Liam Girdwood , Mark Brown , Jaroslav Kysela , Takashi Iwai , linux-edac@vger.kernel.org, Linux Kernel Mailing List , linux-sound@vger.kernel.org Subject: Re: [PATCH] Fix possible strscpy() buffer overflows Message-ID: References: <7cb7d771-5bf1-4d26-ac0f-c8968372bfba@al2klimov.de> <20260510230853.154050a2@pumpkin> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20260510230853.154050a2@pumpkin> Hi David, On Sun, May 10, 2026 at 11:08:53PM +0100, David Laight wrote: > On Sun, 10 May 2026 20:24:41 +0200 > "Alexander A. Klimov" wrote: > > > In the changed files, strings were copied like this: > > > > strscpy(DST, SRC, strlen(SRC)); > > > > A buffer overflow would happen if strlen(SRC) > sizeof(DST). > > Actually, strscpy() must be used this way: > > > > strscpy(DST, SRC, sizeof(DST)); > > strscpy(DST, SRC); // defaults to sizeof(DST) > > Nak. > > This is test code and deliberately doing things 'wrong'. > > -- David while the change to fortify.c is what you described, the other two look like good catches to me. Thanks, Geraldo Nascimento > > > > > Signed-off-by: Alexander A. Klimov > > --- > > drivers/edac/versalnet_edac.c | 3 +-- > > drivers/misc/lkdtm/fortify.c | 6 +----- > > sound/soc/codecs/fs210x.c | 2 +- > > 3 files changed, 3 insertions(+), 8 deletions(-)