The Bottom Line: Linux 7.2 completely removes strncpy and replaces it with five specialized functions, closing a chronic memory security vulnerability.
The Linux kernel 7.2 removes the error-prone C function strncpy entirely from the entire source code. After 362 commits and six years of work, this security vulnerability is replaced by five specialized functions.
The integration window for Linux kernel 7.2 closed on June 20, 2026. Developers have removed the strncpy function from all subsystems, drivers, and architecture-specific files. The kernel documentation classified the function as actively dangerous. Approximately 362 commits were necessary to clean up all code locations where strncpy was used – including the last CPU architecture-specific implementations.
For CTOs and security officers, this removal is significant: strncpy was a chronic source of memory errors, particularly in string handling. When buffers contain sensitive data and are not properly null-terminated, bytes can be read beyond string boundaries. Such errors lead to disclosure of memory contents and represent a direct security vulnerability. With complete removal, this entire error class is eliminated from the kernel’s attack surface.
strncpy is replaced by five specialized functions, depending on semantic intention: strscpy for null-byte-terminated buffers, strscpy_pad for additional null-padding, strtomem_pad for fields without null-termination, memcpy_and_pad for explicit padding, and memcpy for operations with known length. This division forces developers to explicitly declare their memory operations – thereby making memory semantics readable and errors immediately visible.
Practical consequence: Code that used strncpy must be reviewed and migrated. The recommendation to avoid the function is replaced by enforced programming policy – strncpy is simply no longer available to future developers.
Source: www.it-daily.net · Published June 22, 2026
Lumi AI News — AI-assisted curation according to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.