1. Patchew
  2. linux
  3. View series

[PATCH] w1: therm: Replace deprecated strcpy with strscpy in alarms_store

Thorsten Blum posted 1 patch 3 months, 3 weeks ago 
drivers/w1/slaves/w1_therm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH] w1: therm: Replace deprecated strcpy with strscpy in alarms_store
Posted by Thorsten Blum 3 months, 3 weeks ago 
strcpy() is deprecated because it can overflow when the destination
buffer is not large enough for the source string. Replace it with
strscpy(), which avoids overflows and guarantees NUL-termination.

Link: https://github.com/KSPP/linux/issues/88
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
 drivers/w1/slaves/w1_therm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/w1/slaves/w1_therm.c b/drivers/w1/slaves/w1_therm.c
index 9ccedb3264fb..fcd7aab5b52d 100644
--- a/drivers/w1/slaves/w1_therm.c
+++ b/drivers/w1/slaves/w1_therm.c
@@ -1849,7 +1849,7 @@ static ssize_t alarms_store(struct device *device,
 			__func__, -ENOMEM);
 		return size;
 	}
-	strcpy(p_args, buf);
+	strscpy(p_args, buf, size);
 
 	/* Split string using space char */
 	token = strsep(&p_args, " ");
-- 
2.51.0
Re: [PATCH] w1: therm: Replace deprecated strcpy with strscpy in alarms_store
Posted by Krzysztof Kozlowski 3 months, 2 weeks ago 
On 17/10/2025 19:00, Thorsten Blum wrote:
> strcpy() is deprecated because it can overflow when the destination
> buffer is not large enough for the source string. Replace it with

It cannot overflow. Look at the code - memory is allocated for the size.

> strscpy(), which avoids overflows and guarantees NUL-termination.

Maybe NUL-termination is missing, could be.

Anyway please write commit msg describing this exact code, not a generic
one for work replacing strcpy(). Your generic commit msg is just not
applicable here.

And even there, just look at the code - why exactly cannot it be
simplified into ksrtdup?



Best regards,
Krzysztof
Re: [PATCH] w1: therm: Replace deprecated strcpy with strscpy in alarms_store
Posted by David Laight 3 months, 2 weeks ago 
On Mon, 20 Oct 2025 09:01:08 +0200
Krzysztof Kozlowski <krzk@kernel.org> wrote:

> On 17/10/2025 19:00, Thorsten Blum wrote:
> > strcpy() is deprecated because it can overflow when the destination
> > buffer is not large enough for the source string. Replace it with  
> 
> It cannot overflow. Look at the code - memory is allocated for the size.
> 
> > strscpy(), which avoids overflows and guarantees NUL-termination.  
> 
> Maybe NUL-termination is missing, could be.
> 
> Anyway please write commit msg describing this exact code, not a generic
> one for work replacing strcpy(). Your generic commit msg is just not
> applicable here.
> 
> And even there, just look at the code - why exactly cannot it be
> simplified into ksrtdup?

Or use a different function for numeric conversion that behaves like
the userspace strtoul() family and returns a pointer to the character
that fails the conversion - and then check it is a space.

Then there isn't any need to copy the string at all.

	David

> 
> 
> 
> Best regards,
> Krzysztof
>
Re: [PATCH] w1: therm: Replace deprecated strcpy with strscpy in alarms_store
Posted by Thorsten Blum 3 months, 2 weeks ago 
On 20. Oct 2025, at 09:01, Krzysztof Kozlowski wrote:
> On 17/10/2025 19:00, Thorsten Blum wrote:
>> strcpy() is deprecated because it can overflow when the destination
>> buffer is not large enough for the source string. Replace it with
> 
> It cannot overflow. Look at the code - memory is allocated for the size.

The sysfs buffer passed to alarms_store() is allocated with 'size + 1'
bytes to include a NUL terminator. However, the 'size' argument does not
account for this extra byte.

And since 'p_args' is allocated with only 'size' bytes and strcpy()
copies 'buf' until the first '\0' at index 'size', strcpy() writes one
byte past the end of 'p_args'.

Using kstrdup() fixes this issue, as it allocates 'strlen(buf) + 1'
bytes and copies the NUL terminator safely.

I would also remove the misleading comment, drop dev_warn(), and return
-ENOMEM on allocation failure.

Would this work for you?

diff --git a/drivers/w1/slaves/w1_therm.c b/drivers/w1/slaves/w1_therm.c
index 9ccedb3264fb..94512f8b60f5 100644
--- a/drivers/w1/slaves/w1_therm.c
+++ b/drivers/w1/slaves/w1_therm.c
@@ -1841,15 +1841,9 @@ static ssize_t alarms_store(struct device *device,
	s8 tl, th;	/* 1 byte per value + temp ring order */
	char *p_args, *orig;

-	p_args = orig = kmalloc(size, GFP_KERNEL);
-	/* Safe string copys as buf is const */
-	if (!p_args) {
-		dev_warn(device,
-			"%s: error unable to allocate memory %d\n",
-			__func__, -ENOMEM);
-		return size;
-	}
-	strcpy(p_args, buf);
+	p_args = orig = kstrdup(buf, GFP_KERNEL);
+	if (!p_args)
+		return -ENOMEM;

	/* Split string using space char */
	token = strsep(&p_args, " ");

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.