Re: [PATCH] libbpf: Replace strcpy() with memcpy() in bpf_object__new()
From: Andrii Nakryiko
Date: Thu Jul 17 2025 - 13:20:00 EST
On Thu, Jul 17, 2025 at 4:59 AM Suchit Karunakaran
<suchitkarunakaran@xxxxxxxxx> wrote:
>
> Replace the unsafe strcpy() call with memcpy() when copying the path
> into the bpf_object structure. Since the memory is pre-allocated to
> exactly strlen(path) + 1 bytes and the length is already known, memcpy()
> is safer than strcpy().
>
> Signed-off-by: Suchit Karunakaran <suchitkarunakaran@xxxxxxxxx>
> ---
> tools/lib/bpf/libbpf.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> index 52e353368f58..279f226dd965 100644
> --- a/tools/lib/bpf/libbpf.c
> +++ b/tools/lib/bpf/libbpf.c
> @@ -1495,7 +1495,7 @@ static struct bpf_object *bpf_object__new(const char *path,
> return ERR_PTR(-ENOMEM);
> }
>
> - strcpy(obj->path, path);
> + memcpy(obj->path, path, strlen(path) + 1);
This is user-space libbpf code, where the API contract mandates that
the path argument is a well-formed zero-terminated C string. Plus, if
you look at the few lines above, we allocate just enough space to fit
the entire contents of the string without truncation.
In other words, there is nothing to fix or improve here.
pw-bot: cr
> if (obj_name) {
> libbpf_strlcpy(obj->name, obj_name, sizeof(obj->name));
> } else {
> --
> 2.50.1
>