Linux Kernel 7.2 Remove strncpy Permanently After 6 Years of Cleanup
The Linux kernel has finally removed the strncpy API from version 7.2, marking the end of a six-year effort to eliminate a long-standing source of bugs and inefficiencies. This move replaces the problematic function with more explicit and safer alternatives, enhancing code clarity and reducing potential vulnerabilities.
MundiX News·21 de junho de 2026·4 min de leitura·👁 1 views
The Linux kernel has officially retired the strncpy API, a function that has been a source of bugs and inefficiencies for decades. In the recently released version 7.2, strncpy has been completely removed from the codebase, concluding a six-year cleanup process that involved approximately 362 commits. This action addresses a long-standing technical debt within the kernel, aiming to improve code reliability and developer understanding.
Historically, strncpy was intended to be a safer alternative to strcpy by allowing developers to specify a maximum number of bytes to copy. However, its behavior, particularly concerning the null terminator character, often led to unexpected results. In some scenarios, strncpy would fail to append the null terminator, leaving strings improperly terminated. In others, it would pad the remaining buffer with null bytes, even when not explicitly required. This ambiguity made it a frequent trap for developers, leading to subtle bugs where strings appeared correctly terminated but were not, and also caused unnecessary CPU cycles to be spent on memory padding.
The kernel developers have long identified strncpy as a persistent source of errors. The extensive six-year process involved gradually removing old calls to strncpy from various subsystems, replacing the problematic function with more explicit alternatives, and ensuring that no internal users of the old interface remained. The final patch, which removed the API and the last architecture-specific implementations of strncpy, was merged into the kernel on Friday. As a result, Linux kernel 7.2 no longer exposes the strncpy internal interface to developers.
To replace strncpy, kernel developers now have a suite of more specific and clearly named functions to choose from. For standard null-terminated strings, strscpy() is recommended. For strings that require null termination and padding of the remaining buffer, strscpy_pad() is available. For fixed-size fields where a null terminator is not expected, strtomem_pad() is the appropriate choice. For limited copying with explicit padding, memcpy_and_pad() can be used, and for copying memory of a known length, the standard memcpy() remains the go-to function. While the removal of strncpy might not be a headline-grabbing feature for end-users of Linux 7.2, it represents a significant step forward for the kernel's internal development. By eliminating an ambiguous and error-prone API and replacing it with a set of well-defined functions, the kernel's codebase becomes easier to audit, and a whole class of bugs related to truncated or improperly terminated strings is being systematically eradicated.
🛡️⚡
Pare de pesquisar. Comece a hackear.
O MundiX é seu copiloto de pentest com IA: comandos exatos, análise de outputs e próximo passo na kill chain — em segundos.
Sem cartão para começar · Planos a partir de R$49/mês
The Linux kernel has officially retired the strncpy API, a function that has been a source of bugs and inefficiencies for decades. In the recently released version 7.2, strncpy has been completely removed from the codebase, concluding a six-year cleanup process that involved approximately 362 commits. This action addresses a long-standing technical debt within the kernel, aiming to improve code reliability and developer understanding.
Historically, strncpy was intended to be a safer alternative to strcpy by allowing developers to specify a maximum number of bytes to copy. However, its behavior, particularly concerning the null terminator character, often led to unexpected results. In some scenarios, strncpy would fail to append the null terminator, leaving strings improperly terminated. In others, it would pad the remaining buffer with null bytes, even when not explicitly required. This ambiguity made it a frequent trap for developers, leading to subtle bugs where strings appeared correctly terminated but were not, and also caused unnecessary CPU cycles to be spent on memory padding.
The kernel developers have long identified strncpy as a persistent source of errors. The extensive six-year process involved gradually removing old calls to strncpy from various subsystems, replacing the problematic function with more explicit alternatives, and ensuring that no internal users of the old interface remained. The final patch, which removed the API and the last architecture-specific implementations of strncpy, was merged into the kernel on Friday. As a result, Linux kernel 7.2 no longer exposes the strncpy internal interface to developers.
To replace strncpy, kernel developers now have a suite of more specific and clearly named functions to choose from. For standard null-terminated strings, strscpy() is recommended. For strings that require null termination and padding of the remaining buffer, strscpy_pad() is available. For fixed-size fields where a null terminator is not expected, strtomem_pad() is the appropriate choice. For limited copying with explicit padding, memcpy_and_pad() can be used, and for copying memory of a known length, the standard memcpy() remains the go-to function. While the removal of strncpy might not be a headline-grabbing feature for end-users of Linux 7.2, it represents a significant step forward for the kernel's internal development. By eliminating an ambiguous and error-prone API and replacing it with a set of well-defined functions, the kernel's codebase becomes easier to audit, and a whole class of bugs related to truncated or improperly terminated strings is being systematically eradicated.
📤 Compartilhar & Baixar
🧰 Ferramentas recomendadas
Divulgação: alguns links são patrocinados. Podemos receber comissão se você comprar — sem custo extra para você. Só indicamos o que faz sentido para a comunidade.
