In sm_ftl.c, the sm_attr_show() function currently copies
attribute data using:

    strncpy(buf, sm_attr->data, sm_attr->len);
    return sm_attr->len;

Using strncpy() can be unsafe because it does not guarantee
a NUL terminator if the source length equals the buffer size.
Although sm_attr->data comes from internal structures and
is NUL-terminated, it is cleaner and safer to use strscpy(),
which guarantees NUL termination and avoids zero-padding.

The destination buffer is PAGE_SIZE bytes, which is sufficient
to hold sm_attr->data without truncation. The return value
of strscpy() matches the expected behavior of sm_attr_show().

Replace the strncpy() call with:

    return strscpy(buf, sm_attr->data, PAGE_SIZE);

Signed-off-by: Dharanitharan R <dharanitharan725@gmail.com>
---
drivers/mtd/sm_ftl.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/mtd/sm_ftl.c b/drivers/mtd/sm_ftl.c
index abc7b186353f..229fdc4a754a 100644
--- a/drivers/mtd/sm_ftl.c
+++ b/drivers/mtd/sm_ftl.c
@@ -44,8 +44,7 @@ static ssize_t sm_attr_show(struct device *dev, struct device_attribute *attr,
struct sm_sysfs_attribute *sm_attr =
container_of(attr, struct sm_sysfs_attribute, dev_attr);
- strncpy(buf, sm_attr->data, sm_attr->len);
- return sm_attr->len;
+ return strscpy(buf, sm_attr->data, PAGE_SIZE);
}
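Review bot: the added line `return strscpy(buf, sm_attr->data, PAGE_SIZE);` changes both the copy bound and the value handed back to sysfs, and nothing in the hunk shows the two stay equivalent. The removed lines copied exactly sm_attr->len bytes and returned sm_attr->len; the new line copies up to the first NUL and returns that length, or -E2BIG if the string does not fit. The commit message should say where sm_attr->len is set and confirm it equals strlen(sm_attr->data), otherwise the size userspace reads changes. Since this is a device attribute show() callback, sysfs_emit(buf, "%s", sm_attr->data) is the documented helper for filling buf and avoids open-coding PAGE_SIZE here.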
--
2.43.0
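The behavioural difference the commit message describes, as an added userspace example that is not part of the patch or the kernel source. model_strscpy() is a hypothetical stand-in written to strscpy()'s documented contract, BUF_SIZE stands in for PAGE_SIZE, and the vendor string is a constructed sample.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#define BUF_SIZE 16 /* assumption: stand-in for PAGE_SIZE, small for the demo */

/* Model of strscpy()'s contract, not the kernel implementation: always
 * NUL-terminates when size > 0; returns bytes copied excluding the NUL,
 * or -E2BIG if size is 0 or src did not fit. */
static ssize_t model_strscpy(char *dst, const char *src, size_t size)
{
	size_t n;

	if (size == 0)
		return -E2BIG;
	for (n = 0; n < size - 1 && src[n]; n++)
		dst[n] = src[n];
	dst[n] = '\0';
	return src[n] ? -E2BIG : (ssize_t)n;
}

/* show_old has the shape of the removed lines, show_new of the added line. */
static ssize_t show_old(char *buf, const char *data, size_t len)
{
	strncpy(buf, data, len); /* writes no NUL when len == strlen(data) */
	return (ssize_t)len;
}

static ssize_t show_new(char *buf, const char *data)
{
	return model_strscpy(buf, data, BUF_SIZE);
}

/* Returns 1 if a NUL byte exists anywhere in buf[0..size). */
static int is_terminated(const char *buf, size_t size)
{
	return memchr(buf, '\0', size) != NULL;
}

int main(void)
{
	const char *vendor = "ACME"; /* constructed sample value */
	char buf[BUF_SIZE];
	ssize_t ret;

	memset(buf, 'X', sizeof(buf)); /* poison so a missing NUL is visible */
	ret = show_old(buf, vendor, strlen(vendor));
	printf("old: ret=%zd terminated=%d\n", ret, is_terminated(buf, sizeof(buf)));
	memset(buf, 'X', sizeof(buf));
	ret = show_new(buf, vendor);
	printf("new: ret=%zd terminated=%d\n", ret, is_terminated(buf, sizeof(buf)));
	return 0;
}
```

Both forms report 4 for this input, but only the new form leaves a terminated string in the buffer; the return values diverge as soon as `len` differs from the string length or the source does not fit.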
Hello,

On 06/12/2025 at 03:53:13 GMT, Dharanitharan R <dharanitharan725@gmail.com> wrote:

> In sm_ftl.c, the sm_attr_show() function currently copies
> attribute data using:
>
>     strncpy(buf, sm_attr->data, sm_attr->len);
>     return sm_attr->len;
>
> Using strncpy() can be unsafe because it does not guarantee
> a NUL terminator if the source length equals the buffer size.
> Although sm_attr->data comes from internal structures and
> is NUL-terminated, it is cleaner and safer to use strscpy(),
> which guarantees NUL termination and avoids zero-padding.
>
> The destination buffer is PAGE_SIZE bytes, which is sufficient
> to hold sm_attr->data without truncation. The return value
> of strscpy() matches the expected behavior of sm_attr_show().
>
> Replace the strncpy() call with:
>
>     return strscpy(buf, sm_attr->data, PAGE_SIZE);
>
> Signed-off-by: Dharanitharan R <dharanitharan725@gmail.com>

This commit won't apply, please resend based on v6.19-rc1.

Thanks,
Miquèl