Hello Julia.

I just sent a patch to add yet another string copy mechanism.

This could help avoid misuses of strscpy and strlcpy like this
patch set:

https://lore.kernel.org/lkml/[email protected]/T/

A possible cocci script to do conversions could be:

   $ cat str.cpy.cocci
   @@
   expression e1;
   expression e2;
   @@

   - strscpy(e1, e2, sizeof(e1))
   + stracpy(e1, e2)

   @@
   expression e1;
   expression e2;
   @@

   - strlcpy(e1, e2, sizeof(e1))
   + stracpy(e1, e2)

This obviously does not match the style of all the
scripts/coccinelle cocci files, but this might be
something that could be improved and added.

This script produces:

$ spatch --in-place -sp-file str.cpy.cocci .
$ git checkout tools/
$ git diff --shortstat
 958 files changed, 2179 insertions(+), 2655 deletions(-)

The remainder of strlcpy and strscpy uses in the
kernel would generally have a form like:

        strlcpy(to, from, DEFINE)

where DEFINE is the specified size of to.

Could the cocci script above be updated to find
and correct those styles as well?

cheers, Joe
--- Begin Message ---
Several uses of strlcpy and strscpy have had defects because the
last argument of each function is misused or typoed.

Add macro mechanisms to avoid this defect.

stracpy (copy a string to a string array) must have a string
array as the first argument (to) and uses sizeof(to) as the
size.

These mechanisms verify that the to argument is an array of
char or other compatible types like u8 or unsigned char.

A BUILD_BUG is emitted when the type of to is not compatible.

Signed-off-by: Joe Perches <[email protected]>
---
 include/linux/string.h | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/include/linux/string.h b/include/linux/string.h
index 4deb11f7976b..f80b0973f0e5 100644
--- a/include/linux/string.h
+++ b/include/linux/string.h
@@ -35,6 +35,47 @@ ssize_t strscpy(char *, const char *, size_t);
 /* Wraps calls to strscpy()/memset(), no arch specific code required */
 ssize_t strscpy_pad(char *dest, const char *src, size_t count);
 
+/**
+ * stracpy - Copy a C-string into an array of char
+ * @to: Where to copy the string, must be an array of char and not a pointer
+ * @from: String to copy, may be a pointer or const char array
+ *
+ * Helper for strscpy.
+ * Copies a maximum of sizeof(@to) bytes of @from with %NUL termination.
+ *
+ * Returns:
+ * * The number of characters copied (not including the trailing %NUL)
+ * * -E2BIG if @to is a zero size array.
+ */
+#define stracpy(to, from)                                      \
+({                                                             \
+       size_t size = ARRAY_SIZE(to);                           \
+       BUILD_BUG_ON(!__same_type(typeof(*to), char));          \
+                                                               \
+       strscpy(to, from, size);                                \
+})
+
+/**
+ * stracpy_pad - Copy a C-string into an array of char with %NUL padding
+ * @to: Where to copy the string, must be an array of char and not a pointer
+ * @from: String to copy, may be a pointer or const char array
+ *
+ * Helper for strscpy_pad.
+ * Copies a maximum of sizeof(@to) bytes of @from with %NUL termination
+ * and zero-pads the remaining size of @to
+ *
+ * Returns:
+ * * The number of characters copied (not including the trailing %NUL)
+ * * -E2BIG if @to is a zero size array.
+ */
+#define stracpy_pad(to, from)                                  \
+({                                                             \
+       size_t size = ARRAY_SIZE(to);                           \
+       BUILD_BUG_ON(!__same_type(typeof(*to), char));          \
+                                                               \
+       strscpy_pad(to, from, size);                            \
+})
+
 #ifndef __HAVE_ARCH_STRCAT
 extern char * strcat(char *, const char *);
 #endif
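
Review bot: The type check BUILD_BUG_ON(!__same_type(typeof(*to), char)) in both stracpy and stracpy_pad accepts only char, so the u8 and unsigned char arrays that the commit message calls compatible would trip the BUILD_BUG; either extend the check to those element types or correct the description. The kernel-doc Returns sections list -E2BIG only for a zero size array, but strscpy and strscpy_pad also return -E2BIG when @from had to be truncated, which is the case callers will actually see and should be documented. The statement-expression local named size can also capture a caller variable called size that appears inside the @from argument, so a less collision-prone name, or passing ARRAY_SIZE(to) directly, would be safer.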
-- 
2.15.0


--- End Message ---
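
Added example, not part of the original message or patch: a userspace C model of the array-only copy described in the commit message, showing the sizeof-on-a-pointer misuse next to a wrapper that takes the size from the destination array. The names model_strscpy, model_stracpy, is_char_array and struct dev are hypothetical, and the code relies on GCC/Clang extensions.

```c
/* Userspace model for illustration; needs GCC or Clang extensions. */
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* The builtin behind the kernel's __same_type(): 1 if the types are compatible. */
#define same_type(a, b) __builtin_types_compatible_p(__typeof__(a), __typeof__(b))
/* An array's type differs from that of a pointer to its first element. */
#define is_char_array(a) (!same_type((a), &(a)[0]) && same_type((a)[0], char))

/* Simplified stand-in for strscpy(): always NUL-terminates and returns the
 * copied length, or -E2BIG when count is 0 or src had to be truncated. */
static long model_strscpy(char *dst, const char *src, size_t count)
{
	size_t i;
	if (count == 0)
		return -E2BIG;
	for (i = 0; i < count - 1 && src[i]; i++)
		dst[i] = src[i];
	dst[i] = '\0';
	return src[i] ? -E2BIG : (long)i;
}

/* Array-only wrapper: the size comes from the destination itself. */
#define model_stracpy(to, from) __extension__ ({ \
	_Static_assert(is_char_array(to), "to must be an array of char"); \
	model_strscpy((to), (from), sizeof(to)); \
})

struct dev { char name[16]; };	/* constructed sample type */

/* Misuse: sizeof(p) is the pointer size, not the 16-byte array. */
static long copy_with_pointer_size(struct dev *d, const char *src)
{
	char *p = d->name;
	return model_strscpy(p, src, sizeof(p));
}

/* Same copy through the wrapper; passing p here would not compile. */
static long copy_with_macro(struct dev *d, const char *src)
{
	return model_stracpy(d->name, src);
}

int main(void)
{
	struct dev d;
	return copy_with_macro(&d, "eth0") == 4 ? 0 : 1;
}
```

The is_char_array() check evaluates to 0 for an unsigned char array, because char and unsigned char are not compatible types for the builtin.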
_______________________________________________
Cocci mailing list
[email protected]
https://systeme.lip6.fr/mailman/listinfo/cocci
