On 7/17/25 4:59 AM, Suchit Karunakaran wrote:
Replace the unsafe strcpy() call with memcpy() when copying the path
into the bpf_object structure. Since the memory is pre-allocated to
exactly strlen(path) + 1 bytes and the length is already known, memcpy()
is safer than strcpy().
I don't understand in this particular context why strcpy()
is less safer than memcpy(). Both of them will achieve the
exactly same goal.
Signed-off-by: Suchit Karunakaran <suchitkarunakaran@xxxxxxxxx>
---
tools/lib/bpf/libbpf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 52e353368f58..279f226dd965 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -1495,7 +1495,7 @@ static struct bpf_object *bpf_object__new(const char *path,
return ERR_PTR(-ENOMEM);
}
- strcpy(obj->path, path);
+ memcpy(obj->path, path, strlen(path) + 1);
if (obj_name) {
libbpf_strlcpy(obj->name, obj_name, sizeof(obj->name));
} else {
