Re: Is strncpy really less secure than strscpy ?

From: James Dutton
Date: Thu Oct 19 2023 - 13:57:26 EST

Next message: Saeed Mahameed: "Re: mlx5 ConnectX diagnostic misc driver"
Previous message: Greg Kroah-Hartman: "Re: [PATCH v3 2/2] drivers: misc: adi-axi-tdd: Add TDD engine"
In reply to: Justin Stitt: "Re: Is strncpy really less secure than strscpy ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 19 Oct 2023 at 02:49, Bagas Sanjaya <bagasdotme@xxxxxxxxx> wrote:
>
[snip]
>
> What if printf("a is %.*s\n", a);?
Um, it fails to compile.
>
> >
> >
> > So, why isn't the printk format specifier "%.*s" used more instead of
> > "%s" in the kernel?
>
> Since basically strings are pointers.
Um, I was trying to draw people's attention to the fact that "%.*s" is
much safer than "%s".
"%s" is like strcpy() but for print statements.
"%.*s" is like strncpy() but for print statements.

Why wasn't "%.*s" also included in the string discussions previously?

Next message: Saeed Mahameed: "Re: mlx5 ConnectX diagnostic misc driver"
Previous message: Greg Kroah-Hartman: "Re: [PATCH v3 2/2] drivers: misc: adi-axi-tdd: Add TDD engine"
In reply to: Justin Stitt: "Re: Is strncpy really less secure than strscpy ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]