|WARNING| [17/17] net/virtio: replace strncpy with strlcpy
dpdklab at iol.unh.edu
dpdklab at iol.unh.edu
Wed Jun 24 00:36:18 CEST 2026
Test-Label: ai-code-review
Test-Status: WARNING
https://dpdk.org/patch/166051
_AI Code Review_
=== Patch Review: series.patch (via Claude) ===
Review date: 2026-06-23
# DPDK Patch Review
## Patch Series: Replace strncpy with strlcpy
### Overall Assessment
This patch series replaces `strncpy()` calls with `strlcpy()` across multiple DPDK drivers and libraries. The series correctly addresses a common unsafe pattern where `strncpy()` does not guarantee null-termination. All patches follow the same mechanical transformation pattern.
---
## Individual Patch Reviews
### PATCH 01/17: common/cnxk: replace strncpy with strlcpy
**No issues found.**
The conversions are correct:
- All four changes properly adjust the size argument from `sizeof - 1` to `sizeof`
- `strlcpy()` guarantees null-termination within the buffer bounds
- Destination buffers (`model->name`, `model->env`) are appropriately sized
---
### PATCH 02/17: common/mlx5: replace strncpy with strlcpy
**No issues found.**
The conversion is correct:
- `IF_NAMESIZE` is the correct size for the `ifname` buffer
- `strlcpy()` will null-terminate within bounds
---
### PATCH 03/17: crypto/mvsam: replace strncpy with strlcpy
**No issues found.**
The conversion is correct:
- `RTE_CRYPTODEV_NAME_MAX_LEN` is the correct buffer size
- Destination buffer `params->name` is properly sized
---
### PATCH 04/17: crypto/scheduler: replace strncpy with strlcpy
**No issues found.**
Both conversions are correct:
- Size arguments properly changed from `sizeof - 1` to `sizeof`
- Destination buffers are appropriately sized arrays
---
### PATCH 05/17: event/cnxk: replace strncpy with strlcpy
**No issues found.**
The conversion is correct:
- `sizeof(xstats_names[i].name)` is the correct size
- Array element copy is handled properly
---
### PATCH 06/17: net/ark: replace strncpy with strlcpy
**Warning - Incomplete fix:**
```c
if (first) {
strlcpy(args, line, ARK_MAX_ARG_LEN);
first = 0;
} else {
strncat(args, line, ARK_MAX_ARG_LEN); /* Still uses strncat */
}
```
The patch converts `strncpy()` to `strlcpy()` but leaves `strncat()` unchanged. `strncat()` has similar issues to `strncpy()` - its size argument semantics are confusing (it's the maximum number of characters to append, not the total buffer size), and it can fail to null-terminate if the size calculation is wrong.
**Suggested fix:** Convert the `strncat()` call as well:
```c
} else {
strlcat(args, line, ARK_MAX_ARG_LEN);
}
```
Note: This requires verifying that `ARK_MAX_ARG_LEN` is indeed the total buffer size, not the remaining space.
---
### PATCH 07/17: net/bnx2x: replace strncpy with strlcpy
**No issues found.**
Both conversions are correct:
- `ETH_STAT_INFO_VERSION_LEN` and `sizeof(sc->fw_ver)` are appropriate sizes
- Buffers are correctly sized
---
### PATCH 08/17: net/cnxk: replace strncpy with strlcpy
**No issues found.**
Both conversions are correct:
- `sizeof(sun.sun_path)` is the correct size for the Unix domain socket path
- No off-by-one errors introduced
---
### PATCH 09/17: net/dpaa: replace strncpy with strlcpy
**No issues found.**
The conversion is correct:
- `IFNAMSIZ` is the standard size for interface names
- Size argument properly changed from `sizeof - 1` to `sizeof`
---
### PATCH 10/17: net/ionic: replace strncpy with strlcpy
**No issues found.**
The conversion is correct:
- `sizeof(ident->drv.driver_ver_str)` is appropriate
- Size argument properly changed from `sizeof - 1` to `sizeof`
---
### PATCH 11/17: net/mlx4: replace strncpy with strlcpy
**No issues found.**
The conversion is correct:
- `sizeof(*ifname)` is appropriate for the buffer
- Null-termination is guaranteed
---
### PATCH 12/17: net/mlx5: replace strncpy with strlcpy
**No issues found.**
Both conversions are correct:
- `sizeof(sh->ibdev_name)` and `sizeof(sh->ibdev_path)` are appropriate
- `MLX5_NAMESIZE` is the correct buffer size for `context_obj->mlx5_dev.name`
- Size arguments properly changed from `sizeof - 1` to `sizeof`
---
### PATCH 13/17: net/nfp: replace strncpy with strlcpy
**No issues found.**
The conversion is correct:
- `sizeof(res->name)` matches `NFP_RESOURCE_ENTRY_NAME_SZ`
- The structure member is appropriately sized
---
### PATCH 14/17: net/qede: replace strncpy with strlcpy
**No issues found.**
The conversion is correct:
- `QEDE_PMD_DRV_VER_STR_SIZE` is the appropriate buffer size
- Cast to `(char *)` is maintained for type compatibility
---
### PATCH 15/17: net/softnic: replace strncpy with strlcpy
**Warning - Size argument change:**
```c
/* Before */
strncpy(conn->welcome, p->welcome, CONN_WELCOME_LEN_MAX);
strncpy(conn->prompt, p->prompt, CONN_PROMPT_LEN_MAX);
/* After */
strlcpy(conn->welcome, p->welcome, CONN_WELCOME_LEN_MAX + 1);
strlcpy(conn->prompt, p->prompt, CONN_PROMPT_LEN_MAX + 1);
```
The patch adds `+ 1` to the size arguments. This is correct **if** the destination buffers `conn->welcome` and `conn->prompt` are sized as `CONN_WELCOME_LEN_MAX + 1` and `CONN_PROMPT_LEN_MAX + 1` respectively (to account for the null terminator).
**Required verification:** Check the structure definition to confirm the buffer sizes are indeed `CONN_*_LEN_MAX + 1`. If they are exactly `CONN_*_LEN_MAX`, then the `+ 1` would cause a buffer overrun and should be removed.
Without seeing the structure definition, this is **potentially correct** but needs verification.
---
### PATCH 16/17: net/vhost: replace strncpy with strlcpy
**No issues found.**
The conversion is correct:
- `RTE_ETH_XSTATS_NAME_SIZE` is the standard size for xstats names
- Array element copy is handled properly
---
### PATCH 17/17: net/virtio: replace strncpy with strlcpy
**No issues found.**
The conversion is correct:
- `IFNAMSIZ` is the standard size for interface names
- Size argument properly changed from `sizeof - 1` to `sizeof`
---
## Summary of Findings
### Errors
None.
### Warnings
**PATCH 06/17 (net/ark):**
Incomplete fix - `strncat()` should also be converted to `strlcat()` for consistency and safety.
```c
/* Current (incomplete) */
strncat(args, line, ARK_MAX_ARG_LEN);
/* Suggested */
strlcat(args, line, ARK_MAX_ARG_LEN);
```
**PATCH 15/17 (net/softnic):**
The `+ 1` added to size arguments requires verification that the destination buffers are actually sized as `CONN_*_LEN_MAX + 1`. If buffers are exactly `CONN_*_LEN_MAX`, this introduces a potential buffer overrun.
### Info
All patches correctly:
- Replace `strncpy()` with `strlcpy()`
- Adjust size arguments from `sizeof - 1` to `sizeof` (where applicable)
- Maintain correct buffer sizes for their respective use cases
- Include appropriate `Fixes:` tags and `Cc: stable at dpdk.org`
The mechanical transformation is sound and improves code safety by guaranteeing null-termination.
More information about the test-report
mailing list