Both the Linux kernel and libbsd agree that strlcpy() should always
return strlen(src) and not include the NUL termination. The incorrect
U-Boot implementation makes it impossible to check the return value for
truncation, and breaks code written with the usual implementation in
mind (for example, fdtdec_add_reserved_memory() was subtly broken).
I reviewed all callers of strlcpy() and strlcat() and fixed them
according to my understanding of the intended function.
This reverts commit
d3358ecc54be0bc3b4dd11f7a63eab0a2842f772 and adds
related fixes.
Fixes: d3358ecc54be ("lib: string: Fix strlcpy return value")
Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Sean Anderson <sean.anderson@seco.com>
}
/* Update PHY names (mandatory to disable USB3.0) */
- len = strlcpy(data, "usb2-phy0", 32);
- len += strlcpy(&data[len], "usb2-phy1", 32 - len);
+ len = strlcpy(data, "usb2-phy0", 32) + 1;
+ len += strlcpy(&data[len], "usb2-phy1", 32 - len) + 1;
ret = fdt_setprop(blob, node, "phy-names", data, len);
if (ret < 0) {
printf("vim3: failed to update usb phy names property (%d)\n", ret);
}
/* Enable PCIe */
- len = strlcpy(data, "okay", 32);
+ len = strlcpy(data, "okay", 32) + 1;
ret = fdt_setprop(blob, node, "status", data, len);
if (ret < 0) {
printf("vim3: failed to enable pcie node (%d)\n", ret);
/* part_name_wslot = part_name + "_a" */
len = strlcpy(part_name_wslot, part_name, PART_NAME_LEN - 3);
- if (len > PART_NAME_LEN - 3)
+ if (len >= PART_NAME_LEN - 3)
goto fail;
strcat(part_name_wslot, "_a");
* of course, the buffer size is zero). It does not pad
* out the result like strncpy() does.
*
- * Return: the number of bytes copied
+ * Return: strlen(src)
*/
size_t strlcpy(char *dest, const char *src, size_t size)
{
- if (size) {
- size_t srclen = strlen(src);
- size_t len = (srclen >= size) ? size - 1 : srclen;
+ size_t ret = strlen(src);
+ if (size) {
+ size_t len = (ret >= size) ? size - 1 : ret;
memcpy(dest, src, len);
dest[len] = '\0';
- return len + 1;
}
-
- return 0;
+ return ret;
}
#endif
* Compatible with *BSD: the result is always a valid NUL-terminated string that
* fits in the buffer (unless, of course, the buffer size is zero). It does not
* write past @size like strncat() does.
+ *
+ * Return: min(strlen(dest), size) + strlen(src)
*/
size_t strlcat(char *dest, const char *src, size_t size)
{
s2[i] = 32 + 23 * i % (127 - 32);
s2[len2 - 1] = '\0';
- expected = len2 < n ? min(len1 + len2 - 1, n) : n;
+ expected = min(strlen(s2), n) + strlen(s1);
actual = strlcat(s2, s1, n);
if (expected != actual) {
ut_failf(uts, __FILE__, line, __func__,
- "strlcat(s2, s1, 2) == len2 < n ? min(len1 + len2, n) : n",
+ "strlcat(s2, s1, n) == min(len2, n) + len1",
"Expected %#zx (%zd), got %#zx (%zd)",
expected, expected, actual, actual);
return CMD_RET_FAILURE;