• Category: Linux/Kernel
  • Status: confirmed
  • Sources: Phoronix, discussion
  • Summary: Work queued for the Linux 7.2 merge window eliminates the last in-kernel users of strncpy, completing a six-year hardening effort that took about 362 commits. strncpy was a persistent source of bugs because of counter-intuitive NUL-termination semantics and redundant zero-filling. Kernel code now uses strscpy for NUL-terminated destinations, strscpy_pad for NUL-terminated with zero padding, strtomem_pad for non-NUL-terminated fixed-width fields, memcpy_and_pad for bounded copies with explicit padding, or plain memcpy for known-length copies.
  • Comments: HN commenters note the replacement APIs encode intent that the original strncpy left ambiguous, and discuss whether the destination string functions should have been split this way from the start.
  • Why it matters: Removing a whole class of error-prone string handling from a codebase the size of the kernel reduces a long-standing buffer-handling bug surface across every subsystem.

Send feedback on this story