On Mon, 18 May 2026 09:11:04 +0200 Geert Uytterhoeven <[email protected]> wrote:
> Hi David, ... > > I don't really see why strlcat() should be deprecated. > > Clearly there are many cases where there are better ways to do things. > > https://elixir.bootlin.com/linux/v7.0.8/source/include/linux/fortify-string.h#L346 > already says "Do not use this function. [...] Prefer building the > * string with formatting, via scnprintf(), seq_buf, or similar.". Trouble is that all requires a lot more rework. I might try changing the type of the 'buffer' to sysfs_emit() from 'char *' to 'sysfs_buf *'. Initially the types will have to be the same, but propagating it through will show where it can be used. But last I looked I failed to even find the associated kmalloc(). Eventually it could be changed to a different type. > > The only problem with strlcat() is that it returns the 'required length'. > > So there are some broken uses. > > - fs/nfs/flexfilelayout/flexfilelayout.c > > - lib/kunit/string-stream.c (although the preceding vsnprintf() looks like > > the actual bug). > > There is also some very strange code in security/selinus/ima.c - but it may > > be ok. > > > > In reality the return value of strlcat() isn't really much worse that that > > of snprintf(). > > So we need strscat()? ;-) Indeed... -- David > > Gr{oetje,eeting}s, > > Geert >
