On 08/06/14 11:16, Chris Metcalf wrote: > Using strncpy() will just silently truncate long strings; we should > instead return an appropriate error. Using strlcpy() would suffer from > the same problem. Instead, use strnlen()+memcpy(), and add an > error-checking step to make sure the lengths are reasonable. > > I called the convenience wrapper strscpy(), and a case could be made for > making it more generic (possibly with a better name), but that seems > outside the scope of this initial commit.
Well, having looked at the function before I read this comment, my first thought was that it should be added to lib/string.c for general availability. > > Signed-off-by: Chris Metcalf <cmetc...@tilera.com> > --- > v2: use strnlen instead of strlen > > arch/tile/gxio/mpipe.c | 30 +++++++++++++++++++++++++----- > 1 file changed, 25 insertions(+), 5 deletions(-) > > diff --git a/arch/tile/gxio/mpipe.c b/arch/tile/gxio/mpipe.c > index 5301a9ffbae1..27a56be8d583 100644 > --- a/arch/tile/gxio/mpipe.c > +++ b/arch/tile/gxio/mpipe.c > @@ -29,6 +29,25 @@ > /* HACK: Avoid pointless "shadow" warnings. */ > #define link link_shadow > > +/* > + * Use this routine to avoid copying too-long strings. Unlike strncpy > + * or strlcpy, we don't enable programmers who don't check return codes; > + * partially-copied strings can be problematic. The routine returns > + * the total number of bytes copied (including the trailing NUL) or > + * zero if the buffer wasn't big enough. > + */ > +static size_t strscpy(char *dest, const char *src, size_t size) > +{ > + size_t ret = strnlen(src, size) + 1; > + if (ret > size) { > + if (size) > + dest[0] = '\0'; > + return 0; > + } > + memcpy(dest, src, ret); > + return ret; > +} -- ~Randy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/