On 17/07/2025 17:57, Martin Husemann wrote:
On Thu, Jul 17, 2025 at 04:38:50PM +0100, Andrew Goodbody wrote:
The original use of strcpy suggests that the string must be \0 terminated. I
will admit that I do not know the code well, is dir->itr.name guaranteed to
be a known fixed size?
You are r
On Thu, Jul 17, 2025 at 04:38:50PM +0100, Andrew Goodbody wrote:
> The original use of strcpy suggests that the string must be \0 terminated. I
> will admit that I do not know the code well, is dir->itr.name guaranteed to
> be a known fixed size?
You are right, the iterator's name pointer always p
On 17/07/2025 15:58, Martin Husemann wrote:
On Thu, Jul 17, 2025 at 03:54:37PM +0100, Andrew Goodbody wrote:
memset(dent, 0, sizeof(*dent));
- strcpy(dent->name, dir->itr.name);
+ strlcpy(dent->name, dir->itr.name, FS_DIRENT_NAME_LEN);
Shouldn't that be strncpy() instead? Usi
On Thu, Jul 17, 2025 at 03:54:37PM +0100, Andrew Goodbody wrote:
>
> memset(dent, 0, sizeof(*dent));
> - strcpy(dent->name, dir->itr.name);
> + strlcpy(dent->name, dir->itr.name, FS_DIRENT_NAME_LEN);
Shouldn't that be strncpy() instead? Using strlcpy() for fixed size
records where
Instead of strcpy which is unbounded use strlcpy to ensure that the
receiving buffer cannot be overflowed.
This issue found by Smatch.
Signed-off-by: Andrew Goodbody
---
fs/fat/fat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/fat/fat.c b/fs/fat/fat.c
index 89f2acbba1
5 matches
Mail list logo
