https://lwn.net/Articles/643376/ This is a special feed containing comments posted to the individual LWN article titled "Improving kernel string handling". en-us Sun, 21 Sep 2025 07:53:15 +0000 Sun, 21 Sep 2025 07:53:15 +0000 https://www.rssboard.org/rss-specification lwn@lwn.net https://lwn.net/Articles/643715/ https://lwn.net/Articles/643715/ cesarb <div class="FormattedComment"> For the kernel, -E2BIG is often what you want.<br> <p> long sys_foo(...)<br> {<br> long ret = 0;<br> <p> /* ... */<br> <p> ret = strscpy(dest, src, sizeof_dest);<br> if (ret &lt; 0)<br> goto err;<br> /* ret now has the string length, saving a strlen() */<br> <p> /* ... */<br> <p> return ret;<br> <p> err:<br> /* ...cleanup... */<br> return ret;<br> }<br> <p> That is, in case of error, the value can be returned directly to userspace. That is a common design pattern in the kernel: if a function you called returns a negative value (indicating failure), abort what you were doing and pass that value up the stack.<br> </div> Fri, 08 May 2015 18:49:28 +0000 https://lwn.net/Articles/643713/ https://lwn.net/Articles/643713/ reubenhwk I'd also suggest that -E2BIG is a really bad return value. Rather return -(space_needed). <pre> int rc = strscpy(dest, src, sizeof(dest)); if (rc &lt; 0) { dest = malloc(-rc); strscpy(dest, src, -rc); } </pre> ...or something like that anyway. Fri, 08 May 2015 18:08:45 +0000 https://lwn.net/Articles/643523/ https://lwn.net/Articles/643523/ ibukanov <div class="FormattedComment"> I think it would be better for strscpy to require that count should be at least 1 treating count==0 as a programming error with similar consequences as passing a null pointer. This way one can be assured that the result is always null-terminated no matter what.<br> </div> Thu, 07 May 2015 10:10:32 +0000