On Mon, Sep 10, 2018 at 5:19 AM, Mauro Carvalho Chehab
<[email protected]> wrote:
> The strcpy() function is being deprecated upstream. Replace
> it by the safer strscpy().
Did you verify that all the destination buffers here are arrays and
not pointers? For example:

    struct thing {
            char buffer[64];
            char *ptr;
    };

    strscpy(instance->buffer, source, sizeof(instance->buffer));

is correct.

But:

    strscpy(instance->ptr, source, sizeof(instance->ptr));

will not be and will truncate strings to sizeof(char *).

If you _did_ verify this, I'd love to know more about your tooling. :)
-Kees
--
Kees Cook
Pixel Security
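
Added example, not part of the original email and not kernel code: the array-versus-pointer sizeof() pitfall described above, runnable in userspace, plus one compile-time way to tell the two cases apart. strscpy_demo() is a simplified stand-in for the kernel's strscpy(), and IS_ARRAY() is a hypothetical macro name that assumes the GCC/Clang builtins the kernel's own __must_be_array() check relies on.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for strscpy(): always NUL-terminates, -E2BIG if cut. */
static long strscpy_demo(char *dst, const char *src, size_t size)
{
	size_t i;

	if (size == 0)
		return -E2BIG;
	for (i = 0; i < size - 1 && src[i]; i++)
		dst[i] = src[i];
	dst[i] = '\0';
	return src[i] ? -E2BIG : (long)i;
}

struct thing {
	char buffer[64];
	char *ptr;	/* assumed to point at a separate 64-byte buffer */
};

/* Correct: sizeof(array) is the capacity of the destination (64). */
static long copy_to_array(struct thing *t, const char *src)
{
	return strscpy_demo(t->buffer, src, sizeof(t->buffer));
}

/* Wrong: sizeof(pointer) is 4 or 8, whatever the pointed-to buffer holds. */
static long copy_to_ptr_wrong(struct thing *t, const char *src)
{
	return strscpy_demo(t->ptr, src, sizeof(t->ptr));
}

/* 1 for an array, 0 for a pointer: an array's type differs from &a[0]'s. */
#define IS_ARRAY(a) \
	(!__builtin_types_compatible_p(__typeof__(a), __typeof__(&(a)[0])))

int main(void)
{
	static char heap[64];	/* constructed sample destination */
	struct thing t = { .ptr = heap };
	const char *src = "a string well over eight bytes long";

	printf("array:   %ld \"%s\"\n", copy_to_array(&t, src), t.buffer);
	printf("pointer: %ld \"%s\"\n", copy_to_ptr_wrong(&t, src), t.ptr);
	printf("IS_ARRAY: buffer=%d ptr=%d\n", IS_ARRAY(t.buffer), IS_ARRAY(t.ptr));
	return 0;
}
```

Wrapping IS_ARRAY() in a static assertion next to each sizeof()-sized copy makes the pointer case a build failure instead of a silent truncation.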