strncpy() is deprecated for NUL-terminated destination buffers; use
strscpy() instead and remove the manual NUL-termination.

The destination buffer 'buf' is used only with kstrtouint() and must be
NUL-terminated, but not NUL-padded. The source string 'start' is also
guaranteed to be NUL-terminated and meets the __must_be_cstr()
requirement of strscpy().

No functional changes intended.

Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
 kernel/trace/trace_events_synth.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/kernel/trace/trace_events_synth.c b/kernel/trace/trace_events_synth.c
index e3f7d09e5512..4b51f74897b4 100644
--- a/kernel/trace/trace_events_synth.c
+++ b/kernel/trace/trace_events_synth.c
@@ -207,8 +207,7 @@ static int synth_field_string_size(char *type)
 	if (len == 0)
 		return 0; /* variable-length string */
 
-	strncpy(buf, start, len);
-	buf[len] = '\0';
+	strscpy(buf, start, len + 1);
 
 	err = kstrtouint(buf, 0, &size);
 	if (err)
-- 
2.48.1

On Mon, 10 Mar 2025 21:03:58 +0100
Thorsten Blum <thorsten.blum@linux.dev> wrote:

> diff --git a/kernel/trace/trace_events_synth.c b/kernel/trace/trace_events_synth.c
> index e3f7d09e5512..4b51f74897b4 100644
> --- a/kernel/trace/trace_events_synth.c
> +++ b/kernel/trace/trace_events_synth.c
> @@ -207,8 +207,7 @@ static int synth_field_string_size(char *type)
>  	if (len == 0)
>  		return 0; /* variable-length string */
>  
> -	strncpy(buf, start, len);
> -	buf[len] = '\0';
> +	strscpy(buf, start, len + 1);
>  
>  	err = kstrtouint(buf, 0, &size);
>  	if (err)
> -

Looking at the code, it calculates the start and end by scanning the
string. I think it's better to just use memcpy() instead. It's not like
it's copying a random string passed in.

-- Steve