Hi,
On Sun, Jul 18, 2021 at 10:42:42PM +0300, Andy Shevchenko wrote:
On Sun, Jul 18, 2021 at 4:43 PM Len Baker len.baker@gmx.com wrote:
strcpy() performs no bounds checking on the destination buffer. This could result in linear overflows beyond the end of the buffer, leading to all kinds of misbehaviors. The safe replacement is strscpy() but in this case it is simpler to add NULL to the first position since we want to empty the string.
This is a previous step in the path to remove the strcpy() function.
Any document behind this (something to read on the site(s) more or less affiliated with what is going to happen in the kernel) to read background?
This is a task of the KSPP (kernel self protection project) [1]
[1] https://github.com/KSPP/linux/issues/88
...
case -1: i++; /* make debug message */
strcpy(msg, "");
msg[0] = 0;Strictly speaking it should be '\0'.
Ok, understood.
j = i + 1; while (par->init_sequence[j] >= 0) { sprintf(str, "0x%02X ", par->init_sequence[j]);-- With Best Regards, Andy Shevchenko
Thanks for the feedback, Len