The C standard library doesn't have strscpy or the others; it still has strncpy.
https://www.open-std.org/jtc1/sc22/wg14/www/docs/n1967.htm
Furthermore, since the kernel uses no C library, it's the kernel developer's choices what to implement and use.
These functions are optional in the C standard and not always present. AFAIK, they are not included in glibc as of 2025.
On the contrary, one of the reasons Multics got a higher security score than UNIX when analysed by DoD was caring about security with PL/I.
Also remember Sun's "The network is the computer", and the Morris worm in 1985 as UNIX started to be widespread across university campus.
Ah, and the failure to add fat pointers to C, as Dennis Ritchie proposal wasn't taken by WG14, nor improved upon.
C authors followed their own path with Alef, Limbo, and finally Go.
The tests are maybe better examples than those on godbolt. https://codeberg.org/uecker/noplate/src/branch/main/tests/st...
Edit: renamed to strv2array
The allocating version is what string_dup does. strv2cstr is certainly more dangerous. But as since the size is encoded in the return type, compilers can add bounds checking (and partially already do so).
strlcpy, often touted as a replacement, does not elicit the padding behavior but has another flaw: It is supposed to return the length of the string it tried to create, for example, so the user can call realloc without calling strlen again.[3] However, this final "strlen-tail" in strlcpy isn't bounded by the size parameter which describes dest, not src.
While strscpy is a marked improvement, there is still something to be careful about: It can read past the end of the src-buffer, when sizeof src < sizeof dest and src is not nul-terminated.[4] (Set the count argument to something like min(sizeof dest, sizeof src) to avoid that).
--
[1] - https://softwareengineering.stackexchange.com/a/438090
[2] - https://www.open-std.org/jtc1/sc22/wg14/www/docs/n3220.pdf, 7.26.2.5 p. 3
[3] - https://manpages.debian.org/jessie/libbsd-dev/strlcpy.3.en.h...
[4] - https://manpages.debian.org/testing/linux-manual-4.8/strscpy...
So basically, don't invoke a function "strscpy — Copy a C-string into a sized buffer" on something that is not a C-string. Its description specifically states that it copies a string into a buffer. Compare with the wordings in standard of strcpy ("The strcpy function copies the string pointed to by s2 (including the terminating null character) into the array pointed to by s1") and strncpy ("The strncpy function copies not more than n characters (characters that follow a null character are not copied) from the array pointed to by s2 to the array pointed to by s1... If the array pointed to by s2 is a string that is shorter than n characters...").
It's not a function to copy an array into an array (there is memcpy/memmov for that); it's a function to copy a string into an array which, after the function is finished, will certainly be a string (unless it's zero-sized, sigh).
Removing strncpy() from glib would be awful for applications :)
Edit. Meant glibc, thanks mattst88
Ultimately this file is supposed to be the one stop shop for all string related needs, so in what sense isn't that a library.
After all, what C has is "the C library". It's what standard literally calls it (it doesn't even explicitly provide for existence of other kinds of libraries) but everyone calls it "the standard library". Is it correct? Arguably, no.
Apparently strscpy handles un-terminated input strings a bit better than strlcpy, but not scanning past the given length.