> the kernel had an optimized strncpy() routine where instead of copying a single byte at a time and stopping when it saw a zero (NUL), it was doing word-sized strides and stopping whenever the word contained a NUL. This also meant that there could be extra bytes copied after the NUL.<p>I'm confused. That's not my understanding of what strncpy does, and that behavior is not fine for C use cases.<p>My man page says:<p>] The stpncpy() and strncpy() functions copy at most len characters from src into dst. If src is less than len characters long, the remainder of dst is filled with ‘\0’ characters.<p>and the fallback kernel implementation at <a href="https://github.com/torvalds/linux/blob/master/lib/string.c#L91">https://github.com/torvalds/linux/blob/master/lib/string.c#L...</a> does that.<p>So 1) it does not stop when it sees a NUL - it keeps writing NULs until it reaches the count, and 2) if it copies extra bytes it's supposed to then overwrite them with NULs.