On Mon, 14 Oct 2024 14:31:29 -0700 Kees Cook <k...@kernel.org> wrote: > > We know the destination must have a NUL-terminated string. Is the src > NUL terminated? Looking at parse_pred(), it seems like no? And we can't > use memtostr_pad() here because the source buffer size isn't known at > compile time. Okay then. And there are no NUL bytes in the "str + s" > span, so yeah, it looks like memcpy() is best. > > Reviewed-by: Kees Cook <k...@kernel.org> >
The code is simply breaking up parts of one string and copying the bits into other strings. Like the example that broke: $ echo 'common_pid != 0 && common_pid != 120 && common_pid != 1253 && common_pid != 17 && common_pid != 394 && common_pid != 81 && common_pid != 87' > /sys/kernel/tracing/events/sched/sched_switch/filter It would need to move each of the above tokens "common_pid", "!=", "0", "&&", etc into their own strings for later processing. The parser finds the start and end of the location needed to copy, so memcpy() followed by a nul byte is fine. -- Steve
