1. Patchew
  2. linux
  3. View series

[PATCH] nfc: pn544: i2c: Replace strcpy() with strscpy()

tomasz.unger@yahoo.pl posted 1 patch 1 month, 3 weeks ago
There is a newer version of this series
drivers/nfc/pn544/i2c.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH] nfc: pn544: i2c: Replace strcpy() with strscpy()
Posted by tomasz.unger@yahoo.pl 1 month, 3 weeks ago 
From: Tomasz Unger <tomasz.unger@yahoo.pl>

strcpy() does not limit the number of bytes copied which can lead to
buffer overflow. Replace with strscpy() which is safer as it limits
the copy to the size of the destination buffer.

Compilation testing:
- checkpatch.pl: 0 errors, 0 warnings
- make drivers/nfc/pn544/i2c.o: compiled successfully

Signed-off-by: Tomasz Unger <tomasz.unger@yahoo.pl>
---
 drivers/nfc/pn544/i2c.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/nfc/pn544/i2c.c b/drivers/nfc/pn544/i2c.c
index a0dfb3f98d5a..7261e12aa6b5 100644
--- a/drivers/nfc/pn544/i2c.c
+++ b/drivers/nfc/pn544/i2c.c
@@ -526,7 +526,7 @@ static int pn544_hci_i2c_fw_download(void *phy_id, const char *firmware_name,
 
 	pr_info("Starting Firmware Download (%s)\n", firmware_name);
 
-	strcpy(phy->firmware_name, firmware_name);
+	strscpy(phy->firmware_name, firmware_name, sizeof(phy->firmware_name));
 
 	phy->hw_variant = hw_variant;
 	phy->fw_work_state = FW_WORK_STATE_START;
-- 
2.53.0
Re: [PATCH] nfc: pn544: i2c: Replace strcpy() with strscpy()
Posted by Simon Horman 1 month, 2 weeks ago 
On Tue, Feb 24, 2026 at 08:22:42AM +0100, tomasz.unger@yahoo.pl wrote:
> From: Tomasz Unger <tomasz.unger@yahoo.pl>
> 
> strcpy() does not limit the number of bytes copied which can lead to
> buffer overflow. Replace with strscpy() which is safer as it limits
> the copy to the size of the destination buffer.
> 
> Compilation testing:
> - checkpatch.pl: 0 errors, 0 warnings
> - make drivers/nfc/pn544/i2c.o: compiled successfully
> 
> Signed-off-by: Tomasz Unger <tomasz.unger@yahoo.pl>

I am wondering if this is more of a cleanup, or more of a bug fix.
IOW, can an overflow actually occur?

Assuming that firmware_name is derived from user input I would suspect
that this is a bug fix. In which case it should be targeted at net.

	Subject: [PATCH net] ...

And have a Fixes tag denoting the commit that introduced the problem.
It should go immediately above your Signed-off-by line; no blank line in
between.

Otherwise it would be best to explicitly target this patch at
the net-next tree:

	Subject: [PATCH net-next] ...

AI generated review flagged that this looks like a bug fix.

> ---
>  drivers/nfc/pn544/i2c.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/nfc/pn544/i2c.c b/drivers/nfc/pn544/i2c.c
> index a0dfb3f98d5a..7261e12aa6b5 100644
> --- a/drivers/nfc/pn544/i2c.c
> +++ b/drivers/nfc/pn544/i2c.c
> @@ -526,7 +526,7 @@ static int pn544_hci_i2c_fw_download(void *phy_id, const char *firmware_name,
>  
>  	pr_info("Starting Firmware Download (%s)\n", firmware_name);
>  
> -	strcpy(phy->firmware_name, firmware_name);
> +	strscpy(phy->firmware_name, firmware_name, sizeof(phy->firmware_name));

phy->firmware_name is an array.
So you can use the two-argument variant of strscpy() here.

>  
>  	phy->hw_variant = hw_variant;
>  	phy->fw_work_state = FW_WORK_STATE_START;

-- 
pw-bot: changes-requested

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.