On Thu, 17 Jul 2025 at 22:49, Andrii Nakryiko <andrii.nakryiko@xxxxxxxxx> wrote: > > On Thu, Jul 17, 2025 at 4:59 AM Suchit Karunakaran > <suchitkarunakaran@xxxxxxxxx> wrote: > > > > Replace the unsafe strcpy() call with memcpy() when copying the path > > into the bpf_object structure. Since the memory is pre-allocated to > > exactly strlen(path) + 1 bytes and the length is already known, memcpy() > > is safer than strcpy(). > > > > Signed-off-by: Suchit Karunakaran <suchitkarunakaran@xxxxxxxxx> > > --- > > tools/lib/bpf/libbpf.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c > > index 52e353368f58..279f226dd965 100644 > > --- a/tools/lib/bpf/libbpf.c > > +++ b/tools/lib/bpf/libbpf.c > > @@ -1495,7 +1495,7 @@ static struct bpf_object *bpf_object__new(const char *path, > > return ERR_PTR(-ENOMEM); > > } > > > > - strcpy(obj->path, path); > > + memcpy(obj->path, path, strlen(path) + 1); > > > This is user-space libbpf code, where the API contract mandates that > the path argument is a well-formed zero-terminated C string. Plus, if > you look at the few lines above, we allocate just enough space to fit > the entire contents of the string without truncation. > > In other words, there is nothing to fix or improve here. > > pw-bot: cr > That makes sense, strcpy() is indeed safe here. Thanks for the clarification.
