On Wed, Jan 31, 2024 at 7:53 AM Kees Cook <[email protected]> wrote:
>
> Using sizeof(dst) for the "size" argument in strscpy() is the
> overwhelmingly common case. Instead of requiring this everywhere, allow a
> 2-argument version to be used that will use the sizeof() internally. There
> are other functions in the kernel with optional arguments[1], so this
> isn't unprecedented, and improves readability. Update and relocate the
> kern-doc for strscpy() too.
>
> This could additionally let us save a few hundred lines of code:
> 1177 files changed, 2455 insertions(+), 3026 deletions(-)
> with a treewide cleanup using Coccinelle:
>
> @needless_arg@
> expression DST, SRC;
> @@
>
> strscpy(DST, SRC
> -, sizeof(DST)
> )

...

Shouldn't you include, if not yet, args.h to string.h?

...

> +/**
> + * strscpy - Copy a C-string into a sized buffer
> + * @dst: Where to copy the string to
> + * @src: Where to copy the string from
> + * @...: Size of destination buffer (optional)
> + *
> + * Copy the source string @src, or as much of it as fits, into the
> + * destination @dst buffer. The behavior is undefined if the string
> + * buffers overlap. The destination @dst buffer is always NUL terminated,
> + * unless it's zero-sized.
> + *
> + * The size argument @... is only required when @dst is not an array, or
> + * when the copy needs to be smaller than sizeof(@dst).
> + *
> + * Preferred to strncpy() since it always returns a valid string, and
> + * doesn't unnecessarily force the tail of the destination buffer to be
> + * zero padded. If padding is desired please use strscpy_pad().

For the sake of consistency shouldn't that be updated the same way?

> + * Returns the number of characters copied in @dst (not including the
> + * trailing %NUL) or -E2BIG if @size is 0 or the copy from @src was
> + * truncated.
> + */

--
With Best Regards,
Andy Shevchenko
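
Review bot: In the kernel-doc hunk, the Returns paragraph still says "-E2BIG if @size is 0", but the parameter list above it documents the size as the optional "@..." argument and the quoted comment has no "@size" entry. Suggest rewording to something like "if the destination size is 0", so the text matches the documented parameters and also reads correctly for the 2-argument form, where the size comes from sizeof(@dst). The paragraph on when "@..." is required could also state what happens if the 2-argument form is given a @dst that is not an array, since sizeof() applied to a pointer yields the pointer size rather than the buffer size.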
