From: Simon Horman <horms@kernel.org>
To: tomasz.unger@yahoo.pl
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] nfc: pn544: i2c: Replace strcpy() with strscpy()
Date: Wed, 25 Feb 2026 09:39:17 +0000 [thread overview]
Message-ID: <aZ7DRf4U7urXmmAE@horms.kernel.org> (raw)
In-Reply-To: <20260224072242.32551-1-tomasz.unger@yahoo.pl>
On Tue, Feb 24, 2026 at 08:22:42AM +0100, tomasz.unger@yahoo.pl wrote:
> From: Tomasz Unger <tomasz.unger@yahoo.pl>
>
> strcpy() does not limit the number of bytes copied which can lead to
> buffer overflow. Replace with strscpy() which is safer as it limits
> the copy to the size of the destination buffer.
>
> Compilation testing:
> - checkpatch.pl: 0 errors, 0 warnings
> - make drivers/nfc/pn544/i2c.o: compiled successfully
>
> Signed-off-by: Tomasz Unger <tomasz.unger@yahoo.pl>
I am wondering if this is more of a cleanup, or more of a bug fix.
IOW, can an overflow actually occur?
Assuming that firmware_name is derived from user input I would suspect
that this is a bug fix. In which case it should be targeted at net.
Subject: [PATCH net] ...
And have a Fixes tag denoting the commit that introduced the problem.
It should go immediately above your Signed-off-by line; no blank line in
between.
Otherwise it would be best to explicitly target this patch at
the net-next tree:
Subject: [PATCH net-next] ...
AI generated review flagged that this looks like a bug fix.
> ---
> drivers/nfc/pn544/i2c.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/nfc/pn544/i2c.c b/drivers/nfc/pn544/i2c.c
> index a0dfb3f98d5a..7261e12aa6b5 100644
> --- a/drivers/nfc/pn544/i2c.c
> +++ b/drivers/nfc/pn544/i2c.c
> @@ -526,7 +526,7 @@ static int pn544_hci_i2c_fw_download(void *phy_id, const char *firmware_name,
>
> pr_info("Starting Firmware Download (%s)\n", firmware_name);
>
> - strcpy(phy->firmware_name, firmware_name);
> + strscpy(phy->firmware_name, firmware_name, sizeof(phy->firmware_name));
phy->firmware_name is an array.
So you can use the two-argument variant of strscpy() here.
>
> phy->hw_variant = hw_variant;
> phy->fw_work_state = FW_WORK_STATE_START;
--
pw-bot: changes-requested
next prev parent reply other threads:[~2026-02-25 9:39 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20260224072242.32551-1-tomasz.unger.ref@yahoo.pl>
2026-02-24 7:22 ` [PATCH] nfc: pn544: i2c: Replace strcpy() with strscpy() tomasz.unger
2026-02-25 9:39 ` Simon Horman [this message]
[not found] <20260219192416.97654-1-tomasz.unger.ref@yahoo.pl>
2026-02-19 19:24 ` tomasz.unger
2026-02-19 19:37 ` Jakub Kicinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aZ7DRf4U7urXmmAE@horms.kernel.org \
--to=horms@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=tomasz.unger@yahoo.pl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox