Re: [Cocci] [PATCH] usb: atm: don't use snprintf() for sysfs attrs
From: Kees Cook
Date: Thu Aug 27 2020 - 18:17:01 EST
On Thu, Aug 27, 2020 at 03:11:57PM -0700, Joe Perches wrote:
> On Thu, 2020-08-27 at 22:03 +0000, David Laight wrote:
> > From: Joe Perches
> > > Sent: 27 August 2020 21:30
> > ...
> > > Perhaps what's necessary is to find any
> > > appropriate .show function and change
> > > any use of strcpy/sprintf within those
> > > function to some other name.
> > >
> > > For instance:
> > >
> > > drivers/isdn/mISDN/core.c-static ssize_t name_show(struct device *dev,
> > > drivers/isdn/mISDN/core.c- struct device_attribute *attr, char *buf)
> > > drivers/isdn/mISDN/core.c-{
> > > drivers/isdn/mISDN/core.c: strcpy(buf, dev_name(dev));
> > > drivers/isdn/mISDN/core.c- return strlen(buf);
> > > drivers/isdn/mISDN/core.c-}
> > > drivers/isdn/mISDN/core.c-static DEVICE_ATTR_RO(name);
> >
> > That form ends up calculating the string length twice.
> > Better would be:
> > len = strlen(msg);
> > memcpy(buf, msg, len);
> > return len;
>
> or given clang's requirement for stpcpy
>
> return stpcpy(buf, dev_name(dev)) - buf;
>
> (I do not advocate for this ;)
Heh. And humans aren't allowed to use stpcpy() in the kernel. :)
--
Kees Cook