The strlcpy() function is dangerous in that the source buffer length is unbounded. This can cause memory over-reads, crashes, etc. It should be entirely removed from the kernel in favor of using strscpy().
https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
https://lore.kernel.org/r/CAHk-=wgfRnXz0W3D37d01q3JFkr_i_uTL=V6A6G1oUZcprmknw@mail.gmail.com/
As with all of these kinds of major refactorings, the changes are best split up into any special categories of manual steps, and then any special categories of automated steps. For example, I see at least two cases for strlcpy() -> strscpy():
strlcpy()'s return value being used and figure out how to correctly deal with it, since strscpy()'s return value is quite different
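The return-value difference described above, as an added example that is not part of the original issue or kernel code: `demo_strlcpy()` and `demo_strscpy()` are hypothetical userspace models of the two functions' documented semantics, and the two `truncated_*()` helpers show how a caller's truncation check has to change during conversion.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

/* Userspace model of strlcpy() (assumption: illustrative, not kernel code).
 * It returns strlen(src), so it walks the whole source even when only
 * size - 1 bytes are copied. */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);   /* unbounded read of src */

    if (size) {
        size_t n = len >= size ? size - 1 : len;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Userspace model of strscpy(): reads at most size bytes of src and returns
 * the number of characters copied, or -E2BIG on truncation or size == 0. */
static ssize_t demo_strscpy(char *dst, const char *src, size_t size)
{
    size_t i;

    if (size == 0)
        return -E2BIG;
    for (i = 0; i < size - 1 && src[i]; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] ? -E2BIG : (ssize_t)i;
}

/* Truncation check as a strlcpy() caller writes it. */
static int truncated_strlcpy(char *dst, const char *src, size_t size)
{
    return demo_strlcpy(dst, src, size) >= size;
}

/* The same check after conversion: test for a negative return instead. */
static int truncated_strscpy(char *dst, const char *src, size_t size)
{
    return demo_strscpy(dst, src, size) < 0;
}
```

A converted caller that keeps the old `>= size` comparison never detects truncation, because the `strscpy()` model never returns a value that large.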