[PATCH] selftests/powerpc: Fix strncpy usage

Segher Boessenkool segher at kernel.crashing.org
Sat Jun 23 11:10:09 AEST 2018


Hi!

On Fri, Jun 22, 2018 at 11:43:44AM -0300, Breno Leitao wrote:
> On 06/21/2018 08:18 PM, Segher Boessenkool wrote:
> > On Wed, Jun 20, 2018 at 07:51:11PM -0300, Breno Leitao wrote:
> >> -	strncpy(prog, argv[0], strlen(argv[0]));
> >> +	strncpy(prog, argv[0], sizeof(prog) - 1);
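
Review bot: on the added strncpy line, a bound of sizeof(prog) - 1 never writes the last byte of prog, so when argv[0] is sizeof(prog) - 1 bytes or longer the result is NUL-terminated only if prog was zeroed beforehand, which these lines do not show. Set prog[sizeof(prog) - 1] = '\0' after the copy or make the initialisation explicit, and report an over-long argv[0] instead of truncating it silently.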
> > 
> > 	strncpy(prog, argv[0], sizeof prog);
> > 	if (prog[sizeof prog - 1])
> > 		scream_bloody_murder();
> > 
> > Silently using the wrong data is a worse habit than not checking for
> > overflows ;-)
> 
> Completely agree! Thanks for bringing this up.
> 
> If you don't mind, I would solve this problem slightly differently, as it seems
> to be more readable.
> 
> -       strncpy(prog, argv[0], strlen(argv[0]));
> +       if (strlen(argv[0]) >= LEN_MAX){
> +               fprintf(stderr, "Very big executable name: %s\n", argv[0]);
> +               return 1;
> +       }
> +
> +       strncpy(prog, argv[0], sizeof(prog) - 1);
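
Review bot: the new check compares strlen(argv[0]) with LEN_MAX, but the copy below it is bounded by sizeof(prog) - 1, and nothing in these lines shows that the two agree; if LEN_MAX is larger than sizeof(prog), a name can pass the check and still be truncated silently. Test against the buffer itself, e.g. `if (strlen(argv[0]) >= sizeof(prog))`, and put a space before the opening brace in `LEN_MAX){`.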

The strlen reads all of argv[0], which can be very big in theory.  It won't
matter in this test file -- program arguments cannot be super long, for one
thing -- but it's not a good idea in general (that is one of the problems
of strlcpy, btw).

Best of course is to avoid string length restrictions completely, if you can.


Segher
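
Added example, not part of the original mail or of the selftest: the check-the-last-byte pattern from the quoted reply, wrapped in a helper that reports truncation without calling strlen on the source, next to a heap copy that has no fixed length limit. The names copy_checked and copy_unbounded, the 8-byte buffer and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Copy src into dst (dstsz bytes, dstsz > 0). Returns 0 on success, -1 if src
 * does not fit. strncpy() reads at most dstsz bytes of src and NUL-pads the
 * rest of dst, so a non-NUL final byte means src was too long.
 * copy_checked is a hypothetical helper name, not taken from the selftest.
 */
static int copy_checked(char *dst, size_t dstsz, const char *src)
{
	strncpy(dst, src, dstsz);
	if (dst[dstsz - 1] != '\0') {
		dst[dstsz - 1] = '\0';	/* leave a valid string behind */
		return -1;		/* caller must treat this as an error */
	}
	return 0;
}

/* No fixed limit: size the buffer from the input. Caller frees the result. */
static char *copy_unbounded(const char *src)
{
	size_t len = strlen(src) + 1;
	char *dst = malloc(len);

	if (dst)
		memcpy(dst, src, len);
	return dst;
}

int main(void)
{
	char prog[8];	/* constructed, deliberately small buffer */
	const char *names[] = { "./test", "./a-much-longer-name" }; /* constructed */

	for (size_t i = 0; i < 2; i++) {
		char *full = copy_unbounded(names[i]);

		if (copy_checked(prog, sizeof prog, names[i]))
			fprintf(stderr, "name too long: %s\n", names[i]);
		else
			printf("fixed buffer: %s\n", prog);
		printf("heap copy:    %s\n", full ? full : "(alloc failed)");
		free(full);
	}
	return 0;
}
```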

