#Linux 7.2 Closes Memory Bug Class With #strncpy Removal After Six Years

https://www.techtimes.com/articles/318769/20260621/linux-72-closes-memory-bug-class-strncpy-removal-after-six-years.htm

#cybersecurity #FOSS

https://blog.gslin.org/archives/2026/06/21/13076/linux-kernel-%e6%b8%85%e5%ae%8c-strncpy-%e4%ba%86/

Linux kernel 清完 strncpy() 了

#char #character #copy #kernel #linux #null #programming #security #string #strlcpy #strncpy #terminated

The string copying API #strncpy was finally removed from #Linux for #LinuxKernel 7.2 via these changes submitted by @kees:

https://git.kernel.org/torvalds/c/1a3746ccbb0a97bed3c06ccde6b880013b1dddc1

He also removed the fuction itself:

https://git.kernel.org/torvalds/c/079a028d6327e68cfa5d38b36123637b321c19a7

To quote: ""strncpy() has been a persistent source of bugs due to its ambiguous intended usage and frequently counter-intuitive semantics: it may not NUL-terminate the destination, and it unconditionally zero-pads to the full length, which isn't always needed. All former callers have been migrated to: […] https://github.com/KSPP/linux/issues/90"

For some of the problems of this API, see the following great @lwn articles:

* strscpy() and the hazards of improved interfaces – https://lwn.net/Articles/659214/
* Ushering out strlcpy() – https://lwn.net/Articles/905777/
* Better string handling for the kernel – https://lwn.net/Articles/948408/

#Kernel

RE: https://mastodon.social/@bagder/115805010608994033

Qué interesante este post de @bagder sobre el uso de #strcpy vs #strncpy en C.

Siempre vi que la recomendación era usar strncpy en vez de strcpy.

El problema de strcpy es que no controla los límites de buffers, mientras que strncpy sí, pero a la vez, tiene sus propios problemas.

El uso de #snprintf me parece interesante como reemplazo, o directamente una implementación manual como la que se plantea con curlx_strcopy.

BTW, qué ganas tengo de programar en #C ahora xD

#linux #curl #dev