1. Patchew
  2. linux
  3. View series

[PATCH] tools: include: add proper strscpy() declaration

Lucas Poupeau posted 1 patch 1 month, 1 week ago
There is a newer version of this series
tools/include/linux/string.h |  5 ++++-
tools/lib/string.c           | 37 ++++++++++++++++++++++++++++++++++++
2 files changed, 41 insertions(+), 1 deletion(-)
[PATCH] tools: include: add proper strscpy() declaration
Posted by Lucas Poupeau 1 month, 1 week ago 
Currently, strscpy() is defined as a macro for strcpy() in the tools
headers. This is unsafe and prevents using the real strscpy() logic
that provides better buffer overflow protection.

Remove the macro hack and add a proper extern declaration for
strscpy(). This allows tools to use the safer string copying API
once the implementation is provided.

Suggested-by: Maxwell Doose <m32285159@gmail.com>
Signed-off-by: Lucas Poupeau <lucasp.linux@gmail.com>
---
 tools/include/linux/string.h |  5 ++++-
 tools/lib/string.c           | 37 ++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/tools/include/linux/string.h b/tools/include/linux/string.h
index 51ad3cf4fa82..4f3547d0cd84 100644
--- a/tools/include/linux/string.h
+++ b/tools/include/linux/string.h
@@ -12,7 +12,6 @@ void argv_free(char **argv);
 
 int strtobool(const char *s, bool *res);
 
-#define strscpy strcpy
 
 /*
  * glibc based builds needs the extern while uClibc doesn't.
@@ -30,6 +29,10 @@ extern size_t strlcpy(char *dest, const char *src, size_t size);
 #endif
 #endif
 
+extern ssize_t strscpy(char *dest, const char *src, size_t count);
+
+char *str_error_r(int errnum, char *buf, size_t buflen);
+
 char *str_error_r(int errnum, char *buf, size_t buflen);
 
 char *strreplace(char *s, char old, char new);
diff --git a/tools/lib/string.c b/tools/lib/string.c
index 3126d2cff716..12fabbe583cf 100644
--- a/tools/lib/string.c
+++ b/tools/lib/string.c
@@ -36,6 +36,43 @@ void *memdup(const void *src, size_t len)
 	return p;
 }
 
+/**
+ * strscpy - Copy a C-string into a sized buffer
+ * @dest: Where to copy the string to
+ * @src: Where to copy the string from
+ * @count: Size of destination buffer
+ *
+ * Copy the source string to the destination buffer. The result is
+ * always a valid NUL-terminated string that fits in the buffer.
+ *
+ * Return:
+ * * The number of characters copied (not including the trailing NUL)
+ * * -E2BIG if count is 0 or @src was truncated.
+ */
+ssize_t strscpy(char *dest, const char *src, size_t count)
+{
+	size_t res = 0;
+
+	if (count == 0)
+		return -E2BIG;
+
+	while (count) {
+		char c = src[res];
+
+		dest[res] = c;
+		if (!c)
+			return res;
+		res++;
+		count--;
+	}
+
+	/* Hit buffer length without finding a NUL; force NUL-termination. */
+	if (res)
+		dest[res-1] = '\0';
+
+	return -E2BIG;
+}
+
 /**
  * strtobool - convert common user inputs into boolean values
  * @s: input string
-- 
2.54.0
Re: [PATCH] tools: include: add proper strscpy() declaration
Posted by kernel test robot 1 month ago 
Hi Lucas,

kernel test robot noticed the following build errors:

[auto build test ERROR on linus/master]
[also build test ERROR on v7.1-rc2 next-20260508]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Lucas-Poupeau/tools-include-add-proper-strscpy-declaration/20260511-022707
base:   linus/master
patch link:    https://lore.kernel.org/r/20260504212301.63750-1-lucasp.linux%40gmail.com
patch subject: [PATCH] tools: include: add proper strscpy() declaration
config: x86_64-randconfig-012-20260511 (https://download.01.org/0day-ci/archive/20260511/202605110734.1Vga6ipo-lkp@intel.com/config)
compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260511/202605110734.1Vga6ipo-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202605110734.1Vga6ipo-lkp@intel.com/

All errors (new ones prefixed by >>):

   In file included from parse-options.c:3:
>> tools/include/linux/string.h:32:8: error: unknown type name 'ssize_t'; did you mean 'size_t'?
      32 | extern ssize_t strscpy(char *dest, const char *src, size_t count);
         |        ^~~~~~~
         |        size_t
>> tools/include/linux/string.h:36:7: error: redundant redeclaration of 'str_error_r' [-Werror=redundant-decls]
      36 | char *str_error_r(int errnum, char *buf, size_t buflen);
         |       ^~~~~~~~~~~
   tools/include/linux/string.h:34:7: note: previous declaration of 'str_error_r' with type 'char *(int,  char *, size_t)' {aka 'char *(int,  char *, long unsigned int)'}
      34 | char *str_error_r(int errnum, char *buf, size_t buflen);
         |       ^~~~~~~~~~~
   In file included from exec-cmd.c:3:
>> tools/include/linux/string.h:32:8: error: unknown type name 'ssize_t'; did you mean 'size_t'?
      32 | extern ssize_t strscpy(char *dest, const char *src, size_t count);
         |        ^~~~~~~
         |        size_t
>> tools/include/linux/string.h:36:7: error: redundant redeclaration of 'str_error_r' [-Werror=redundant-decls]
      36 | char *str_error_r(int errnum, char *buf, size_t buflen);
         |       ^~~~~~~~~~~
   tools/include/linux/string.h:34:7: note: previous declaration of 'str_error_r' with type 'char *(int,  char *, size_t)' {aka 'char *(int,  char *, long unsigned int)'}
      34 | char *str_error_r(int errnum, char *buf, size_t buflen);
         |       ^~~~~~~~~~~
   In file included from run-command.c:9:
>> tools/include/linux/string.h:36:7: error: redundant redeclaration of 'str_error_r' [-Werror=redundant-decls]
      36 | char *str_error_r(int errnum, char *buf, size_t buflen);
         |       ^~~~~~~~~~~
   tools/include/linux/string.h:34:7: note: previous declaration of 'str_error_r' with type 'char *(int,  char *, size_t)' {aka 'char *(int,  char *, long unsigned int)'}
      34 | char *str_error_r(int errnum, char *buf, size_t buflen);
         |       ^~~~~~~~~~~
   In file included from help.c:5:
>> tools/include/linux/string.h:36:7: error: redundant redeclaration of 'str_error_r' [-Werror=redundant-decls]
      36 | char *str_error_r(int errnum, char *buf, size_t buflen);
         |       ^~~~~~~~~~~
   tools/include/linux/string.h:34:7: note: previous declaration of 'str_error_r' with type 'char *(int,  char *, size_t)' {aka 'char *(int,  char *, long unsigned int)'}
      34 | char *str_error_r(int errnum, char *buf, size_t buflen);
         |       ^~~~~~~~~~~
   cc1: all warnings being treated as errors
   cc1: all warnings being treated as errors
   make[6]: *** [tools/build/Makefile.build:95: tools/objtool/libsubcmd/exec-cmd.o] Error 1 shuffle=2681766322
   make[6]: *** [tools/build/Makefile.build:95: tools/objtool/libsubcmd/parse-options.o] Error 1 shuffle=2681766322
   cc1: all warnings being treated as errors
   make[6]: *** [tools/build/Makefile.build:95: tools/objtool/libsubcmd/run-command.o] Error 1 shuffle=2681766322
   cc1: all warnings being treated as errors
   make[6]: *** [tools/build/Makefile.build:95: tools/objtool/libsubcmd/help.o] Error 1 shuffle=2681766322
   make[6]: Target '__build' not remade because of errors.
   make[5]: *** [Makefile:78: tools/objtool/libsubcmd/libsubcmd-in.o] Error 2 shuffle=2681766322
   make[5]: Target 'tools/objtool/libsubcmd/libsubcmd.a' not remade because of errors.
   make[4]: *** [Makefile:135: tools/objtool/libsubcmd/libsubcmd.a] Error 2 shuffle=2681766322
   make[4]: Target 'all' not remade because of errors.
   make[3]: *** [Makefile:74: objtool] Error 2 shuffle=2681766322
   make[2]: *** [Makefile:1557: tools/objtool] Error 2 shuffle=2681766322
   make[2]: Target 'prepare' not remade because of errors.
   make[1]: *** [Makefile:248: __sub-make] Error 2 shuffle=2681766322
   make[1]: Target 'prepare' not remade because of errors.
   make: *** [Makefile:248: __sub-make] Error 2 shuffle=2681766322
   make: Target 'prepare' not remade because of errors.


vim +32 tools/include/linux/string.h

    31	
  > 32	extern ssize_t strscpy(char *dest, const char *src, size_t count);
    33	
    34	char *str_error_r(int errnum, char *buf, size_t buflen);
    35	
  > 36	char *str_error_r(int errnum, char *buf, size_t buflen);
    37	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Re: [PATCH] tools: include: add proper strscpy() declaration
Posted by Maxwell Doose 1 month, 1 week ago 
On Mon, May 4, 2026 at 4:23 PM Lucas Poupeau <lucasp.linux@gmail.com> wrote:
>
> Currently, strscpy() is defined as a macro for strcpy() in the tools
> headers. This is unsafe and prevents using the real strscpy() logic
> that provides better buffer overflow protection.
>
> Remove the macro hack and add a proper extern declaration for
> strscpy(). This allows tools to use the safer string copying API
> once the implementation is provided.
>
> Suggested-by: Maxwell Doose <m32285159@gmail.com>
> Signed-off-by: Lucas Poupeau <lucasp.linux@gmail.com>
>
[snip]
>
> +extern ssize_t strscpy(char *dest, const char *src, size_t count);
> +
> +char *str_error_r(int errnum, char *buf, size_t buflen);
> +
>  char *str_error_r(int errnum, char *buf, size_t buflen);
>

Looks like you have a duplicate definition here.

best regards,
max




>
>  char *strreplace(char *s, char old, char new);
> diff --git a/tools/lib/string.c b/tools/lib/string.c
> index 3126d2cff716..12fabbe583cf 100644
> --- a/tools/lib/string.c
> +++ b/tools/lib/string.c
> @@ -36,6 +36,43 @@ void *memdup(const void *src, size_t len)
>         return p;
>  }
>
> +/**
> + * strscpy - Copy a C-string into a sized buffer
> + * @dest: Where to copy the string to
> + * @src: Where to copy the string from
> + * @count: Size of destination buffer
> + *
> + * Copy the source string to the destination buffer. The result is
> + * always a valid NUL-terminated string that fits in the buffer.
> + *
> + * Return:
> + * * The number of characters copied (not including the trailing NUL)
> + * * -E2BIG if count is 0 or @src was truncated.
> + */
> +ssize_t strscpy(char *dest, const char *src, size_t count)
> +{
> +       size_t res = 0;
> +
> +       if (count == 0)
> +               return -E2BIG;
> +
> +       while (count) {
> +               char c = src[res];
> +
> +               dest[res] = c;
> +               if (!c)
> +                       return res;
> +               res++;
> +               count--;
> +       }
> +
> +       /* Hit buffer length without finding a NUL; force NUL-termination. */
> +       if (res)
> +               dest[res-1] = '\0';
> +
> +       return -E2BIG;
> +}
> +
>  /**
>   * strtobool - convert common user inputs into boolean values
>   * @s: input string
> --
> 2.54.0
>
Re: [PATCH] tools: include: add proper strscpy() declaration
Posted by Maxwell Doose 1 month, 1 week ago 
On Mon, May 4, 2026 at 4:38 PM Maxwell Doose <m32285159@gmail.com> wrote:
>
> On Mon, May 4, 2026 at 4:23 PM Lucas Poupeau <lucasp.linux@gmail.com> wrote:
> >
> > Currently, strscpy() is defined as a macro for strcpy() in the tools
> > headers. This is unsafe and prevents using the real strscpy() logic
> > that provides better buffer overflow protection.
> >
> > Remove the macro hack and add a proper extern declaration for
> > strscpy(). This allows tools to use the safer string copying API
> > once the implementation is provided.
> >
> > Suggested-by: Maxwell Doose <m32285159@gmail.com>
> > Signed-off-by: Lucas Poupeau <lucasp.linux@gmail.com>
> >
> [snip]
> >
> > +extern ssize_t strscpy(char *dest, const char *src, size_t count);
> > +
> > +char *str_error_r(int errnum, char *buf, size_t buflen);
> > +
> >  char *str_error_r(int errnum, char *buf, size_t buflen);
> >
>
> Looks like you have a duplicate definition here.
>
> best regards,
> max
>

Also would be worth checking sashiko's report:
https://sashiko.dev/#/patchset/20260504212301.63750-1-lucasp.linux%40gmail.com

best regards,
max
Re: [PATCH] tools: include: add proper strscpy() declaration
Posted by Maxwell Doose 1 month, 1 week ago 
On Mon, May 4, 2026 at 4:47 PM Maxwell Doose <m32285159@gmail.com> wrote:
>
> On Mon, May 4, 2026 at 4:38 PM Maxwell Doose <m32285159@gmail.com> wrote:
> >
> > On Mon, May 4, 2026 at 4:23 PM Lucas Poupeau <lucasp.linux@gmail.com> wrote:
> > >
> > > Currently, strscpy() is defined as a macro for strcpy() in the tools
> > > headers. This is unsafe and prevents using the real strscpy() logic
> > > that provides better buffer overflow protection.
> > >
> > > Remove the macro hack and add a proper extern declaration for
> > > strscpy(). This allows tools to use the safer string copying API
> > > once the implementation is provided.
> > >
> > > Suggested-by: Maxwell Doose <m32285159@gmail.com>
> > > Signed-off-by: Lucas Poupeau <lucasp.linux@gmail.com>
> > >
> > [snip]
> > >
> > > +extern ssize_t strscpy(char *dest, const char *src, size_t count);
> > > +
> > > +char *str_error_r(int errnum, char *buf, size_t buflen);
> > > +
> > >  char *str_error_r(int errnum, char *buf, size_t buflen);
> > >
> >
> > Looks like you have a duplicate definition here.
> >
> > best regards,
> > max
> >
>
> Also would be worth checking sashiko's report:
> https://sashiko.dev/#/patchset/20260504212301.63750-1-lucasp.linux%40gmail.com
>

By the way, Wei gave you the greenlight to go forward with this so
make sure to add:

Fixes: 9e3d665 ("memblock test: fix implicit declaration of function 'strscpy'")

but maybe note that this doesn't need to be backported.

> best regards,
> max

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.