|WARNING| [17/17] net/virtio: replace strncpy with strlcpy

dpdklab at iol.unh.edu dpdklab at iol.unh.edu
Wed Jun 24 00:36:18 CEST 2026


Test-Label: ai-code-review
Test-Status: WARNING
https://dpdk.org/patch/166051

_AI Code Review_

=== Patch Review: series.patch (via Claude) ===
Review date: 2026-06-23

# DPDK Patch Review

## Patch Series: Replace strncpy with strlcpy

### Overall Assessment

This patch series replaces `strncpy()` calls with `strlcpy()` across multiple DPDK drivers and libraries. The series correctly addresses a common unsafe pattern where `strncpy()` does not guarantee null-termination. All patches follow the same mechanical transformation pattern.

---

## Individual Patch Reviews

### PATCH 01/17: common/cnxk: replace strncpy with strlcpy

**No issues found.**

The conversions are correct:
- All four changes properly adjust the size argument from `sizeof - 1` to `sizeof`
- `strlcpy()` guarantees null-termination within the buffer bounds
- Destination buffers (`model->name`, `model->env`) are appropriately sized

---

### PATCH 02/17: common/mlx5: replace strncpy with strlcpy

**No issues found.**

The conversion is correct:
- `IF_NAMESIZE` is the correct size for the `ifname` buffer
- `strlcpy()` will null-terminate within bounds

---

### PATCH 03/17: crypto/mvsam: replace strncpy with strlcpy

**No issues found.**

The conversion is correct:
- `RTE_CRYPTODEV_NAME_MAX_LEN` is the correct buffer size
- Destination buffer `params->name` is properly sized

---

### PATCH 04/17: crypto/scheduler: replace strncpy with strlcpy

**No issues found.**

Both conversions are correct:
- Size arguments properly changed from `sizeof - 1` to `sizeof`
- Destination buffers are appropriately sized arrays

---

### PATCH 05/17: event/cnxk: replace strncpy with strlcpy

**No issues found.**

The conversion is correct:
- `sizeof(xstats_names[i].name)` is the correct size
- Array element copy is handled properly

---

### PATCH 06/17: net/ark: replace strncpy with strlcpy

**Warning - Incomplete fix:**

```c
if (first) {
    strlcpy(args, line, ARK_MAX_ARG_LEN);
    first = 0;
} else {
    strncat(args, line, ARK_MAX_ARG_LEN);  /* Still uses strncat */
}
```

The patch converts `strncpy()` to `strlcpy()` but leaves `strncat()` unchanged. `strncat()` has similar issues to `strncpy()` - its size argument semantics are confusing (it's the maximum number of characters to append, not the total buffer size), and it can fail to null-terminate if the size calculation is wrong.

**Suggested fix:** Convert the `strncat()` call as well:
```c
} else {
    strlcat(args, line, ARK_MAX_ARG_LEN);
}
```

Note: This requires verifying that `ARK_MAX_ARG_LEN` is indeed the total buffer size, not the remaining space.

---

### PATCH 07/17: net/bnx2x: replace strncpy with strlcpy

**No issues found.**

Both conversions are correct:
- `ETH_STAT_INFO_VERSION_LEN` and `sizeof(sc->fw_ver)` are appropriate sizes
- Buffers are correctly sized

---

### PATCH 08/17: net/cnxk: replace strncpy with strlcpy

**No issues found.**

Both conversions are correct:
- `sizeof(sun.sun_path)` is the correct size for the Unix domain socket path
- No off-by-one errors introduced

---

### PATCH 09/17: net/dpaa: replace strncpy with strlcpy

**No issues found.**

The conversion is correct:
- `IFNAMSIZ` is the standard size for interface names
- Size argument properly changed from `sizeof - 1` to `sizeof`

---

### PATCH 10/17: net/ionic: replace strncpy with strlcpy

**No issues found.**

The conversion is correct:
- `sizeof(ident->drv.driver_ver_str)` is appropriate
- Size argument properly changed from `sizeof - 1` to `sizeof`

---

### PATCH 11/17: net/mlx4: replace strncpy with strlcpy

**No issues found.**

The conversion is correct:
- `sizeof(*ifname)` is appropriate for the buffer
- Null-termination is guaranteed

---

### PATCH 12/17: net/mlx5: replace strncpy with strlcpy

**No issues found.**

Both conversions are correct:
- `sizeof(sh->ibdev_name)` and `sizeof(sh->ibdev_path)` are appropriate
- `MLX5_NAMESIZE` is the correct buffer size for `context_obj->mlx5_dev.name`
- Size arguments properly changed from `sizeof - 1` to `sizeof`

---

### PATCH 13/17: net/nfp: replace strncpy with strlcpy

**No issues found.**

The conversion is correct:
- `sizeof(res->name)` matches `NFP_RESOURCE_ENTRY_NAME_SZ`
- The structure member is appropriately sized

---

### PATCH 14/17: net/qede: replace strncpy with strlcpy

**No issues found.**

The conversion is correct:
- `QEDE_PMD_DRV_VER_STR_SIZE` is the appropriate buffer size
- Cast to `(char *)` is maintained for type compatibility

---

### PATCH 15/17: net/softnic: replace strncpy with strlcpy

**Warning - Size argument change:**

```c
/* Before */
strncpy(conn->welcome, p->welcome, CONN_WELCOME_LEN_MAX);
strncpy(conn->prompt, p->prompt, CONN_PROMPT_LEN_MAX);

/* After */
strlcpy(conn->welcome, p->welcome, CONN_WELCOME_LEN_MAX + 1);
strlcpy(conn->prompt, p->prompt, CONN_PROMPT_LEN_MAX + 1);
```

The patch adds `+ 1` to the size arguments. This is correct **if** the destination buffers `conn->welcome` and `conn->prompt` are sized as `CONN_WELCOME_LEN_MAX + 1` and `CONN_PROMPT_LEN_MAX + 1` respectively (to account for the null terminator).

**Required verification:** Check the structure definition to confirm the buffer sizes are indeed `CONN_*_LEN_MAX + 1`. If they are exactly `CONN_*_LEN_MAX`, then the `+ 1` would cause a buffer overrun and should be removed.

Without seeing the structure definition, this is **potentially correct** but needs verification.

---

### PATCH 16/17: net/vhost: replace strncpy with strlcpy

**No issues found.**

The conversion is correct:
- `RTE_ETH_XSTATS_NAME_SIZE` is the standard size for xstats names
- Array element copy is handled properly

---

### PATCH 17/17: net/virtio: replace strncpy with strlcpy

**No issues found.**

The conversion is correct:
- `IFNAMSIZ` is the standard size for interface names
- Size argument properly changed from `sizeof - 1` to `sizeof`

---

## Summary of Findings

### Errors
None.

### Warnings

**PATCH 06/17 (net/ark):**
Incomplete fix - `strncat()` should also be converted to `strlcat()` for consistency and safety.
```c
/* Current (incomplete) */
strncat(args, line, ARK_MAX_ARG_LEN);

/* Suggested */
strlcat(args, line, ARK_MAX_ARG_LEN);
```

**PATCH 15/17 (net/softnic):**
The `+ 1` added to size arguments requires verification that the destination buffers are actually sized as `CONN_*_LEN_MAX + 1`. If buffers are exactly `CONN_*_LEN_MAX`, this introduces a potential buffer overrun.

### Info

All patches correctly:
- Replace `strncpy()` with `strlcpy()`
- Adjust size arguments from `sizeof - 1` to `sizeof` (where applicable)
- Maintain correct buffer sizes for their respective use cases
- Include appropriate `Fixes:` tags and `Cc: stable at dpdk.org`

The mechanical transformation is sound and improves code safety by guaranteeing null-termination.


More information about the test-report mailing list