Replace Genode::strncpy by Genode::copy_cstring

- Since Genode::strncpy is not 100% compatible with the POSIX strncpy function, better use a distinct name. - Remove bogus return value from the function, easing the potential enforcement of mandatory return-value checks later. Fixes #3752
2020-05-11 16:10:27 +02:00 · 2020-05-11 16:10:27 +02:00 · b078224753
parent 0f27d139bd
commit b078224753
64 changed files with 114 additions and 117 deletions
--- a/repos/base-linux/src/core/platform_thread.cc
+++ b/repos/base-linux/src/core/platform_thread.cc
@ -77,7 +77,7 @@ Platform_thread::Registry &Platform_thread::_registry()
 Platform_thread::Platform_thread(size_t, const char *name, unsigned,
                                 Affinity::Location, addr_t)
 {
-	strncpy(_name, name, min(sizeof(_name), strlen(name) + 1));
+	copy_cstring(_name, name, min(sizeof(_name), strlen(name) + 1));
 	_registry().insert(this);
 }
--- a/repos/base-linux/src/core/spec/linux/dataspace_component.cc
+++ b/repos/base-linux/src/core/spec/linux/dataspace_component.cc
@ -41,7 +41,7 @@ Linux_dataspace::Filename Dataspace_component::_file_name(const char *args)
 		throw Service_denied();
 	}
-	strncpy(fname.buf, label.last_element().string(), sizeof(fname.buf));
+	copy_cstring(fname.buf, label.last_element().string(), sizeof(fname.buf));
 	/* only files inside the current working directory are allowed */
 	for (const char *c = fname.buf; *c; ++c)
--- a/repos/base-linux/src/core/spec/pc/dataspace_component.cc
+++ b/repos/base-linux/src/core/spec/pc/dataspace_component.cc
@ -41,7 +41,7 @@ Linux_dataspace::Filename Dataspace_component::_file_name(const char *args)
 		throw Service_denied();
 	}
-	strncpy(fname.buf, label.last_element().string(), sizeof(fname.buf));
+	copy_cstring(fname.buf, label.last_element().string(), sizeof(fname.buf));
 	/* only files inside the current working directory are allowed */
 	for (const char *c = fname.buf; *c; ++c)
--- a/repos/base-okl4/src/core/platform_thread.cc
+++ b/repos/base-okl4/src/core/platform_thread.cc
@ -176,7 +176,7 @@ Platform_thread::Platform_thread(size_t, const char *name, unsigned prio,
 	_l4_thread_id(L4_nilthread), _platform_pd(0),
 	_priority(prio), _pager(0)
 {
-	strncpy(_name, name, sizeof(_name));
+	copy_cstring(_name, name, sizeof(_name));
 }
--- a/repos/base/include/base/local_connection.h
+++ b/repos/base/include/base/local_connection.h
@ -44,7 +44,7 @@ struct Genode::Local_connection_base : Noncopyable
 		{
 			/* copy original arguments into modifiable buffer */
 			char buf[Args::capacity()];
-			strncpy(buf, args.string(), sizeof(buf));
+			copy_cstring(buf, args.string(), sizeof(buf));
 			Arg_string::set_arg(buf, sizeof(buf), "ram_quota",
 			                    String<64>(resources.ram_quota.value).string());
--- a/repos/base/include/base/session_state.h
+++ b/repos/base/include/base/session_state.h
@ -269,7 +269,7 @@ class Genode::Session_state : public Parent::Client, public Parent::Server
 			Server_args(Session_state const &session)
 			{
-				Genode::strncpy(_buf, session._args.string(), sizeof(_buf));
+				copy_cstring(_buf, session._args.string(), sizeof(_buf));
 				Arg_string::set_arg_string(_buf, sizeof(_buf),
 				                           "label", session._label.string());
 			}
--- a/repos/base/include/root/component.h
+++ b/repos/base/include/root/component.h
@ -171,7 +171,7 @@ class Genode::Root_component : public Rpc_object<Typed_root<SESSION_TYPE> >,
 			 */
 			enum { MAX_ARGS_LEN = 256 };
 			char adjusted_args[MAX_ARGS_LEN];
-			strncpy(adjusted_args, args.string(), sizeof(adjusted_args));
+			copy_cstring(adjusted_args, args.string(), sizeof(adjusted_args));
 			Arg_string::set_arg(adjusted_args, sizeof(adjusted_args),
 			                    "ram_quota", String<64>(remaining_ram_quota).string());
--- a/repos/base/include/util/arg_string.h
+++ b/repos/base/include/util/arg_string.h
@ -180,7 +180,7 @@ class Genode::Arg
 			/* stop here if _value is not a string */
 			if (_value.type() != Token::STRING) {
-				strncpy(dst, default_string, dst_len);
+				copy_cstring(dst, default_string, dst_len);
 				return;
 			}
--- a/repos/base/include/util/avl_string.h
+++ b/repos/base/include/util/avl_string.h
@ -78,8 +78,7 @@ class Genode::Avl_string : public Avl_string_base
 		Avl_string(const char *str) : Avl_string_base(_str_buf)
 		{
-			strncpy(_str_buf, str, sizeof(_str_buf));
+			copy_cstring(_str_buf, str, sizeof(_str_buf));
 			_str_buf[STR_LEN - 1] = 0;
 		}
 };
--- a/repos/base/include/util/print_lines.h
+++ b/repos/base/include/util/print_lines.h
@ -86,8 +86,8 @@ void Genode::print_lines(char const *string, size_t len, FUNC const &func)
 		/* buffer for sub-string of the input string plus null-termination */
 		char line_buf[MAX_LINE_LEN + 1];
-		 /* give strncpy one more as it will add the null termination */
+		 /* one more byte for the null termination */
-		Genode::strncpy(line_buf, string, line_len - skip_char + 1);
+		copy_cstring(line_buf, string, line_len - skip_char + 1);
 		/* process null-terminated string in buffer */
 		func(line_buf);
--- a/repos/base/include/util/string.h
+++ b/repos/base/include/util/string.h
@ -171,21 +171,15 @@ namespace Genode {
 	 * \param dst   destination buffer
 	 * \param src   buffer holding the null-terminated source string
 	 * \param size  maximum number of characters to copy
 	 * \return      pointer to destination string
 	 *
-	 * Note that this function is not fully compatible to the C standard, in
+	 * In contrast to the POSIX 'strncpy' function, 'copy_cstring' always
-	 * particular there is no zero-padding if the length of 'src' is smaller
+	 * produces a null-terminated string in the 'dst' buffer if the 'size'
-	 * than 'size'. Furthermore, in contrast to the libc version, this function
+	 * argument is greater than 0.
 	 * always produces a null-terminated string in the 'dst' buffer if the
 	 * 'size' argument is greater than 0.
 	 */
-	inline char *strncpy(char *dst, const char *src, size_t size)
+	inline void copy_cstring(char *dst, const char *src, size_t size)
 	{
 		/* sanity check for corner case of a zero-size destination buffer */
-		if (size == 0) return dst;
+		if (size == 0) return;
 		/* backup original 'dst' for the use as return value */
 		char *orig_dst = dst;
 		/*
 		 * Copy characters from 'src' to 'dst' respecting the 'size' limit.
@ -198,8 +192,6 @@ namespace Genode {
 		/* append null termination to the destination buffer */
 		*dst = 0;
 		return orig_dst;
 	}
@ -687,7 +679,7 @@ class Genode::String
 		 */
 		String(char const *cstr) : _len(min(Genode::strlen(cstr) + 1, CAPACITY))
 		{
-			Genode::strncpy(_buf, cstr, _len);
+			copy_cstring(_buf, cstr, _len);
 		}
 		/**
@ -696,7 +688,7 @@ class Genode::String
 		template <unsigned N>
 		String(String<N> const &other) : _len(min(other.length(), CAPACITY))
 		{
-			Genode::strncpy(_buf, other.string(), _len);
+			copy_cstring(_buf, other.string(), _len);
 		}
 		/**
--- a/repos/base/include/util/token.h
+++ b/repos/base/include/util/token.h
@ -85,7 +85,7 @@ class Genode::Token
 		 * Return token as null-terminated string
 		 */
 		void string(char *dst, size_t max_len) const {
-			strncpy(dst, start(), min(len() + 1, max_len)); }
+			copy_cstring(dst, start(), min(len() + 1, max_len)); }
 		/**
 		 * Return true if token is valid
--- a/repos/base/include/util/xml_node.h
+++ b/repos/base/include/util/xml_node.h
@ -124,7 +124,7 @@ class Genode::Xml_attribute
 			 * null-termination into account.
 			 */
 			max_len = min(max_len, _tokens.name.len() + 1);
-			strncpy(dst, _tokens.name.start(), max_len);
+			copy_cstring(dst, _tokens.name.start(), max_len);
 		}
 		typedef String<64> Name;
@ -198,7 +198,7 @@ class Genode::Xml_attribute
 		void value(char *dst, size_t max_len) const __attribute__((deprecated))
 		{
 			with_raw_value([&] (char const *start, size_t length) {
-				Genode::strncpy(dst, start, min(max_len, length + 1)); });
+				copy_cstring(dst, start, min(max_len, length + 1)); });
 		}
 		/**
--- a/repos/base/src/lib/base/child.cc
+++ b/repos/base/src/lib/base/child.cc
@ -145,7 +145,7 @@ Session_capability Child::session(Parent::Client::Id id,
 	char argbuf[Parent::Session_args::MAX_SIZE];
-	strncpy(argbuf, args.string(), sizeof(argbuf));
+	copy_cstring(argbuf, args.string(), sizeof(argbuf));
 	/* prefix session label */
 	Session_label const label = prefixed_label(_policy.name(), label_from_args(argbuf));
--- a/repos/base/src/lib/base/component.cc
+++ b/repos/base/src/lib/base/component.cc
@ -132,7 +132,7 @@ namespace {
 			/* extract session quota as specified by the 'Connection' */
 			char argbuf[Parent::Session_args::MAX_SIZE];
-			strncpy(argbuf, args.string(), sizeof(argbuf));
+			copy_cstring(argbuf, args.string(), sizeof(argbuf));
 			Ram_quota ram_quota = ram_quota_from_args(argbuf);
 			Cap_quota cap_quota = cap_quota_from_args(argbuf);
--- a/repos/base/src/lib/cxx/misc.cc
+++ b/repos/base/src/lib/cxx/misc.cc
@ -197,7 +197,8 @@ extern "C" int strncmp(const char *s1, const char *s2, size_t n)
 extern "C" char *strcpy(char *dest, const char *src)
 {
-	return Genode::strncpy(dest, src, ~0UL);
+	Genode::copy_cstring(dest, src, ~0UL);
 	return dest;
 }
@ -243,10 +244,10 @@ void Genode::cxx_demangle(char const *symbol, char *out, size_t size)
 {
 	char *demangled_name = __cxxabiv1::__cxa_demangle(symbol, nullptr, nullptr, nullptr);
 	if (demangled_name) {
-		Genode::strncpy(out, demangled_name, size);
+		Genode::copy_cstring(out, demangled_name, size);
 		free(demangled_name);
 	} else {
-		Genode::strncpy(out, symbol, size);
+		Genode::copy_cstring(out, symbol, size);
 	}
 }
--- a/repos/base/src/test/stack_smash/main.cc
+++ b/repos/base/src/test/stack_smash/main.cc
@ -39,6 +39,6 @@ void Component::construct(Genode::Env &)
 	char buf[16];
 	char *p = buf;
-	strncpy(p, msg, strlen(msg)+1);
+	copy_cstring(p, msg, strlen(msg)+1);
 	log((char const *)p);
 }
--- a/repos/base/src/test/sub_rm/main.cc
+++ b/repos/base/src/test/sub_rm/main.cc
@ -43,7 +43,7 @@ static void fill_ds_with_test_pattern(Env &env, char const *pattern,
 {
 	log("fill dataspace with information");
 	char *content = env.rm().attach(ds);
-	strncpy(content + offset, pattern, ~0);
+	copy_cstring(content + offset, pattern, ~0);
 	env.rm().detach(content);
 }
--- a/repos/dde_linux/src/drivers/framebuffer/imx8/lx_emul.cc
+++ b/repos/dde_linux/src/drivers/framebuffer/imx8/lx_emul.cc
@ -1254,7 +1254,8 @@ int oops_in_progress;
 char *strncpy(char *dst, const char* src, size_t n)
 {
-	return Genode::strncpy(dst, src, n);
+	Genode::copy_cstring(dst, src, n);
 	return dst;
 }
 int strncmp(const char *cs, const char *ct, size_t count)
--- a/repos/dde_linux/src/drivers/framebuffer/intel/lx_emul.cc
+++ b/repos/dde_linux/src/drivers/framebuffer/intel/lx_emul.cc
@ -343,7 +343,8 @@ char *strcpy(char *to, const char *from)
 char *strncpy(char *dst, const char* src, size_t n)
 {
-	return Genode::strncpy(dst, src, n);
+	Genode::copy_cstring(dst, src, n);
 	return dst;
 }
 int strncmp(const char *cs, const char *ct, size_t count)
--- a/repos/dde_linux/src/lib/lxip/lxcc_emul.cc
+++ b/repos/dde_linux/src/lib/lxip/lxcc_emul.cc
@ -190,7 +190,8 @@ char *strcpy(char *to, const char *from)
 char *strncpy(char *dst, const char* src, size_t n)
 {
-	return Genode::strncpy(dst, src, n);
+	Genode::copy_cstring(dst, src, n);
 	return dst;
 }
--- a/repos/dde_linux/src/lib/vfs/lxip/vfs.cc
+++ b/repos/dde_linux/src/lib/vfs/lxip/vfs.cc
@ -970,7 +970,7 @@ class Vfs::Lxip_accept_file final : public Vfs::Lxip_file
 			f.f_flags = 0;
 			if (_sock.ops->poll(&f, &_sock, nullptr) & (POLLIN)) {
-				Genode::strncpy(dst, "1\n", len);
+				copy_cstring(dst, "1\n", len);
 				return Genode::strlen(dst);
 			}
--- a/repos/dde_rump/src/lib/rump/hypercall.cc
+++ b/repos/dde_rump/src/lib/rump/hypercall.cc
@ -153,13 +153,13 @@ int rumpuser_getparam(const char *name, void *buf, size_t buflen)
 	/* support one cpu */
 	if (!Genode::strcmp(name, "_RUMPUSER_NCPU")) {
-		Genode::strncpy((char *)buf, "1", 2);
+		Genode::copy_cstring((char *)buf, "1", 2);
 		return 0;
 	}
 	/* return out cool host name */
 	if (!Genode::strcmp(name, "_RUMPUSER_HOSTNAME")) {
-		Genode::strncpy((char *)buf, "rump4genode", 12);
+		Genode::copy_cstring((char *)buf, "rump4genode", 12);
 		return 0;
 	}
--- a/repos/demo/include/scout/canvas.h
+++ b/repos/demo/include/scout/canvas.h
@ -102,7 +102,7 @@ class Scout::Canvas : public Canvas_base
 		void draw_string(int x, int y, Font *font, Color color, char const *str, int len) override
 		{
 			char buf[len + 1];
-			Genode::strncpy(buf, str, len + 1);
+			Genode::copy_cstring(buf, str, len + 1);
 			Text_painter::paint(_surface, Text_painter::Position(x, y), *font, color, buf);
 		}
--- a/repos/demo/src/server/nitlog/main.cc
+++ b/repos/demo/src/server/nitlog/main.cc
@ -125,8 +125,8 @@ class Log_entry
 		Log_entry(Genode::Color color, const char *label, const char *log_text, const char *log_attr, int id):
 			_color(color), _id(id)
 		{
-			Genode::strncpy(_label, label,    sizeof(_label));
+			Genode::copy_cstring(_label, label,    sizeof(_label));
-			Genode::strncpy(_text,  log_text, sizeof(_text));
+			Genode::copy_cstring(_text,  log_text, sizeof(_text));
 			_label_len = Genode::strlen(_label);
 			_text_len  = Genode::strlen(_text);
--- a/repos/gems/src/server/http_block/http.cc
+++ b/repos/gems/src/server/http_block/http.cc
@ -222,10 +222,10 @@ void Http::parse_uri(::String const &u)
 	for (i = 0; i < length && uri[i] != '/'; i++) ;
 	_heap.alloc(i + 1, (void**)&_host);
-	Genode::strncpy(_host, uri, i + 1);
+	copy_cstring(_host, uri, i + 1);
 	_heap.alloc(length - i + 1, (void**)&_path);
-	Genode::strncpy(_path, uri + i, length - i + 1);
+	copy_cstring(_path, uri + i, length - i + 1);
 	/* look for port */
 	size_t len = Genode::strlen(_host);
--- a/repos/gems/src/server/wm/nitpicker.h
+++ b/repos/gems/src/server/wm/nitpicker.h
@ -743,8 +743,8 @@ class Wm::Nitpicker::Session_component : public Rpc_object<Nitpicker::Session>,
 				{
 					char sanitized_title[command.title.title.capacity()];
-					Genode::strncpy(sanitized_title, command.title.title.string(),
+					Genode::copy_cstring(sanitized_title, command.title.title.string(),
-					                sizeof(sanitized_title));
+					                     sizeof(sanitized_title));
 					for (char *c = sanitized_title; *c; c++)
 						if (*c == '"')
--- a/repos/libports/src/lib/gcov/libc/libc.cc
+++ b/repos/libports/src/lib/gcov/libc/libc.cc
@ -263,7 +263,9 @@ extern "C" void *malloc(size_t size)
 extern "C" char *strcpy(char *dest, const char *src)
 {
-	return Genode::strncpy(dest, src, Genode::strlen(src) + 1);
+	Genode::copy_cstring(dest, src, Genode::strlen(src) + 1);
 	return dest;
 }
--- a/repos/libports/src/lib/libc/execve.cc
+++ b/repos/libports/src/lib/libc/execve.cc
@ -241,7 +241,7 @@ struct Libc::String_array : Noncopyable
 			if (_pos + len > _size)
 				return false;
-			Genode::strncpy(_base + _pos, s, len);
+			copy_cstring(_base + _pos, s, len);
 			_pos += len;
 			return true;
 		}
--- a/repos/libports/src/lib/libc/file_operations.cc
+++ b/repos/libports/src/lib/libc/file_operations.cc
@ -693,6 +693,6 @@ __SYS_(ssize_t, write, (int libc_fd, const void *buf, ::size_t count),
 extern "C" int __getcwd(char *dst, ::size_t dst_size)
 {
-	Genode::strncpy(dst, cwd().base(), dst_size);
+	copy_cstring(dst, cwd().base(), dst_size);
 	return 0;
 }
--- a/repos/libports/src/lib/libc/getpwent.cc
+++ b/repos/libports/src/lib/libc/getpwent.cc
@ -45,7 +45,7 @@ struct Libc::Passwd_fields
 		Buffer(Passwd_string const &string)
 		{
-			Genode::strncpy(buf, string.string(), sizeof(buf));
+			copy_cstring(buf, string.string(), sizeof(buf));
 		}
 	};
--- a/repos/libports/src/lib/libc/kernel.cc
+++ b/repos/libports/src/lib/libc/kernel.cc
@ -152,7 +152,7 @@ void Libc::Kernel::_init_file_descriptors()
 		{
 			char *dst = (char *)_heap.alloc(path.length());
-			Genode::strncpy(dst, path.string(), path.length());
+			copy_cstring(dst, path.string(), path.length());
 			fd->fd_path = dst;
 		}
--- a/repos/libports/src/lib/libc/socket_fs_plugin.cc
+++ b/repos/libports/src/lib/libc/socket_fs_plugin.cc
@ -365,7 +365,7 @@ struct Libc::Socket_fs::Sockaddr_string : String<NI_MAXHOST + NI_MAXSERV>
 	{
 		Host_string host;
-		Genode::strncpy(host.base(), base(), host.capacity());
+		Genode::copy_cstring(host.base(), base(), host.capacity());
 		char *at = strstr(host.base(), ":");
 		if (!at)
 			throw Address_conversion_failed();
@ -382,7 +382,7 @@ struct Libc::Socket_fs::Sockaddr_string : String<NI_MAXHOST + NI_MAXSERV>
 		if (!at)
 			throw Address_conversion_failed();
-		Genode::strncpy(port.base(), ++at, port.capacity());
+		Genode::copy_cstring(port.base(), ++at, port.capacity());
 		return port;
 	}
--- a/repos/libports/src/lib/libc/sysctl.cc
+++ b/repos/libports/src/lib/libc/sysctl.cc
@ -131,7 +131,7 @@ extern "C" int __sysctl(const int *name, u_int namelen,
 		case CTL_KERN:
 			switch(index_b) {
 			case KERN_OSTYPE:
-				Genode::strncpy(buf, "Genode", *oldlenp);
+				copy_cstring(buf, "Genode", *oldlenp);
 				*oldlenp = Genode::strlen(buf);
 				return 0;
@ -142,7 +142,7 @@ extern "C" int __sysctl(const int *name, u_int namelen,
 				return 0;
 			case KERN_HOSTNAME:
-				Genode::strncpy(buf, "localhost", *oldlenp);
+				copy_cstring(buf, "localhost", *oldlenp);
 				*oldlenp = Genode::strlen(buf);
 				return 0;
--- a/repos/libports/src/lib/libc/vfs_plugin.cc
+++ b/repos/libports/src/lib/libc/vfs_plugin.cc
@ -1017,7 +1017,7 @@ ssize_t Libc::Vfs_plugin::getdirentries(File_descriptor *fd, char *buf,
 	dirent.d_fileno = dirent_out.fileno;
 	dirent.d_reclen = sizeof(struct dirent);
-	Genode::strncpy(dirent.d_name, dirent_out.name.buf, sizeof(dirent.d_name));
+	Genode::copy_cstring(dirent.d_name, dirent_out.name.buf, sizeof(dirent.d_name));
 	dirent.d_namlen = Genode::strlen(dirent.d_name);
--- a/repos/libports/src/lib/posix/construct.cc
+++ b/repos/libports/src/lib/posix/construct.cc
@ -72,7 +72,7 @@ static void construct_component(Libc::Env &env)
 					argv[arg_i] = (char *)malloc(size);
-					Genode::strncpy(argv[arg_i], start, size);
+					Genode::copy_cstring(argv[arg_i], start, size);
 				});
 				++arg_i;
@ -114,8 +114,7 @@ static void construct_component(Libc::Env &env)
 						return;
 					}
-					/* Genode's strncpy always zero-terminates */
+					copy_cstring(envp[env_i] + pos, s, len + 1);
 					Genode::strncpy(envp[env_i] + pos, s, len + 1);
 					pos += len;
 				};
--- a/repos/libports/src/lib/qemu-usb/qemu_emul.cc
+++ b/repos/libports/src/lib/qemu-usb/qemu_emul.cc
@ -443,7 +443,7 @@ void qbus_create_inplace(void* bus, size_t size , const char* type,
 	BusState   *b = &w->_bus_state;
 	char const *n = "xhci.0";
 	b->name = (char *)g_malloc(Genode::strlen(n) + 1);
-	Genode::strncpy(b->name, n, Genode::strlen(n) + 1);
+	Genode::copy_cstring(b->name, n, Genode::strlen(n) + 1);
 }
--- a/repos/libports/src/lib/vfs/lwip/vfs.cc
+++ b/repos/libports/src/lib/vfs/lwip/vfs.cc
@ -1016,7 +1016,7 @@ class Lwip::Udp_socket_dir final :
 					return Write_result::WRITE_ERR_INVALID;
 				} else {
 					char buf[ENDPOINT_STRLEN_MAX];
-					Genode::strncpy(buf, src, min(count+1, sizeof(buf)));
+					copy_cstring(buf, src, min(count+1, sizeof(buf)));
 					_to_port = remove_port(buf);
 					out_count = count;
@ -1034,7 +1034,7 @@ class Lwip::Udp_socket_dir final :
 					ip_addr_t addr;
 					u16_t port;
-					Genode::strncpy(buf, src, min(count+1, sizeof(buf)));
+					copy_cstring(buf, src, min(count+1, sizeof(buf)));
 					port = remove_port(buf);
 					if (!ipaddr_aton(buf, &addr))
 						break;
@ -1053,7 +1053,7 @@ class Lwip::Udp_socket_dir final :
 				if (count < ENDPOINT_STRLEN_MAX) {
 					char buf[ENDPOINT_STRLEN_MAX];
-					Genode::strncpy(buf, src, min(count+1, sizeof(buf)));
+					copy_cstring(buf, src, min(count+1, sizeof(buf)));
 					_to_port = remove_port(buf);
 					if (!ipaddr_aton(buf, &_to_addr))
@ -1490,7 +1490,7 @@ class Lwip::Tcp_socket_dir final :
 					ip_addr_t addr;
 					u16_t port = 0;
-					Genode::strncpy(buf, src, min(count+1, sizeof(buf)));
+					Genode::copy_cstring(buf, src, min(count+1, sizeof(buf)));
 					port = remove_port(buf);
 					if (!ipaddr_aton(buf, &addr))
@ -1511,7 +1511,7 @@ class Lwip::Tcp_socket_dir final :
 					ip_addr_t addr;
 					u16_t port = 0;
-					Genode::strncpy(buf, src, min(count+1, sizeof(buf)));
+					copy_cstring(buf, src, min(count+1, sizeof(buf)));
 					port = remove_port(buf);
 					if (!ipaddr_aton(buf, &addr))
 						break;
@ -1532,7 +1532,7 @@ class Lwip::Tcp_socket_dir final :
 					unsigned long backlog = TCP_DEFAULT_LISTEN_BACKLOG;
 					char buf[8];
-					Genode::strncpy(buf, src, min(count+1, sizeof(buf)));
+					copy_cstring(buf, src, min(count+1, sizeof(buf)));
 					Genode::ascii_to_unsigned(buf, backlog, 10);
 					/* this replaces the PCB so set the callbacks again */
--- a/repos/libports/src/test/libc_component/main.cc
+++ b/repos/libports/src/test/libc_component/main.cc
@ -177,7 +177,7 @@ struct Log::Session_component : Genode::Rpc_object<Log_session>
 	{
 		if (!(string_buf.valid_string())) { return; }
-		strncpy(_buf, string_buf.string(), sizeof(_buf));
+		Genode::copy_cstring(_buf, string_buf.string(), sizeof(_buf));
 		size_t len = strlen(_buf);
 		if (_buf[len-1] == '\n') _buf[len-1] = 0;
--- a/repos/os/include/file_system_session/file_system_session.h
+++ b/repos/os/include/file_system_session/file_system_session.h
@ -296,7 +296,7 @@ struct File_system::Directory_entry
 		char buf[MAX_NAME_LEN] { };
 		Name() { };
-		Name(char const *name) { Genode::strncpy(buf, name, sizeof(buf)); }
+		Name(char const *name) { Genode::copy_cstring(buf, name, sizeof(buf)); }
 	};
 	unsigned long inode;
--- a/repos/os/include/os/path.h
+++ b/repos/os/include/os/path.h
@ -168,7 +168,7 @@ class Genode::Path_base
 				throw Path_too_long();
 			if (_path)
-				strncpy(_path + orig_len, path, _path_max_len - orig_len);
+				copy_cstring(_path + orig_len, path, _path_max_len - orig_len);
 		}
 		void _append_slash_if_needed()
@ -207,7 +207,7 @@ class Genode::Path_base
 			 * Use argument path if absolute
 			 */
 			if (absolute(path))
-				strncpy(_path, path, _path_max_len);
+				copy_cstring(_path, path, _path_max_len);
 			/*
 			 * Otherwise, concatenate current working directory with
@ -216,7 +216,7 @@ class Genode::Path_base
 			else {
 				const char *const relative_path = path;
-				strncpy(_path, pwd, _path_max_len);
+				copy_cstring(_path, pwd, _path_max_len);
 				if (!empty(relative_path)) {
@ -371,7 +371,7 @@ class Genode::Path : public Path_base
 		Path& operator=(char const *path)
 		{
-			Genode::strncpy(_buf, path, MAX_LEN);
+			copy_cstring(_buf, path, MAX_LEN);
 			_canonicalize();
 			return *this;
 		}
@ -380,14 +380,14 @@ class Genode::Path : public Path_base
 		Path& operator=(Path const &other)
 		{
-			Genode::strncpy(_buf, other._buf, MAX_LEN);
+			copy_cstring(_buf, other._buf, MAX_LEN);
 			return *this;
 		}
 		template <unsigned N>
 		Path& operator=(Path<N> const &other)
 		{
-			Genode::strncpy(_buf, other._buf, MAX_LEN);
+			copy_cstring(_buf, other._buf, MAX_LEN);
 			return *this;
 		}
 };
@ -409,7 +409,7 @@ namespace Genode {
 			if (!strcmp(" -> ", label+j, 4)) {
 				path.append("/");
-				strncpy(tmp, label+i, (j-i)+1);
+				copy_cstring(tmp, label+i, (j-i)+1);
 				/* rewrite any directory separators */
 				for (size_t k = 0; k < path.capacity(); ++k)
 					if (tmp[k] == '/')
@ -421,7 +421,7 @@ namespace Genode {
 			}
 		}
 		path.append("/");
-		strncpy(tmp, label+i, path.capacity());
+		copy_cstring(tmp, label+i, path.capacity());
 		/* rewrite any directory separators */
 		for (size_t k = 0; k < path.capacity(); ++k)
 			if (tmp[k] == '/')
--- a/repos/os/include/spec/imx53/imx_framebuffer_session/connection.h
+++ b/repos/os/include/spec/imx53/imx_framebuffer_session/connection.h
@ -39,7 +39,7 @@ class Framebuffer::Imx_connection : public Genode::Connection<Imx_session>,
 			char argbuf[ARGBUF_SIZE];
 			/* donate ram quota for storing server-side meta data */
-			strncpy(argbuf, "ram_quota=8K", sizeof(argbuf));
+			copy_cstring(argbuf, "ram_quota=8K", sizeof(argbuf));
 			/* set optional session-constructor arguments */
 			if (width)
--- a/repos/os/include/vfs/directory_service.h
+++ b/repos/os/include/vfs/directory_service.h
@ -182,7 +182,7 @@ struct Vfs::Directory_service : Interface
 			char buf[MAX_LEN] { };
 			Name() { };
-			Name(char const *name) { strncpy(buf, name, sizeof(buf)); }
+			Name(char const *name) { copy_cstring(buf, name, sizeof(buf)); }
 		};
 		unsigned long fileno;
--- a/repos/os/include/vfs/types.h
+++ b/repos/os/include/vfs/types.h
@ -34,7 +34,7 @@ namespace Vfs {
 	using Genode::Dataspace_client;
 	using Genode::min;
 	using Genode::ascii_to;
-	using Genode::strncpy;
+	using Genode::copy_cstring;
 	using Genode::strcmp;
 	using Genode::strlen;
 	typedef long long file_offset;
--- a/repos/os/src/drivers/nic/spec/linux/main.cc
+++ b/repos/os/src/drivers/nic/spec/linux/main.cc
@ -121,7 +121,7 @@ class Linux_session_component : public Nic::Session_component
 				Genode::log("using tap device \"", Genode::Cstring(ifr.ifr_name), "\"");
 			} catch (...) {
 				/* use tap0 if no config has been provided */
-				Genode::strncpy(ifr.ifr_name, "tap0", sizeof(ifr.ifr_name));
+				Genode::copy_cstring(ifr.ifr_name, "tap0", sizeof(ifr.ifr_name));
 				Genode::log("no config provided, using tap0");
 			}
--- a/repos/os/src/drivers/nvme/util.h
+++ b/repos/os/src/drivers/nvme/util.h
@ -41,7 +41,7 @@ namespace Util {
 		static char tmp[64] = { };
 		if (len > sizeof(tmp)) { return nullptr; }
-		Genode::strncpy(tmp, base + offset, len);
+		copy_cstring(tmp, base + offset, len);
 		len--; /* skip NUL */
 		while (len > 0 && tmp[--len] == ' ') { tmp[len] = 0; }
--- a/repos/os/src/lib/sandbox/child.h
+++ b/repos/os/src/lib/sandbox/child.h
@ -296,12 +296,13 @@ class Sandbox::Child : Child_policy, Routed_service::Wakeup
 					/*
 					 * The 'length' is the number of bytes of the config-node
 					 * content, which is not null-terminated. Since
-					 * 'Genode::strncpy' always null-terminates the result, the
+					 * 'Genode::copy_cstring' always null-terminates the
-					 * last byte of the source string is not copied. Hence, it
+					 * result, the last byte of the source string is not
-					 * is safe to add '1' to 'length' and thereby include the
+					 * copied. Hence, it is safe to add '1' to 'length' and
-					 * last actual config-content character in the result.
+					 * thereby include the last actual config-content character
 					 * in the result.
 					 */
-					Genode::strncpy(dst, start, length + 1);
+					copy_cstring(dst, start, length + 1);
 				});
 			}
--- a/repos/os/src/lib/sandbox/server.cc
+++ b/repos/os/src/lib/sandbox/server.cc
@ -212,7 +212,7 @@ void Sandbox::Server::_handle_create_session_request(Xml_node request,
 		 * Reduce session quota by local session costs
 		 */
 		char argbuf[Parent::Session_args::MAX_SIZE];
-		strncpy(argbuf, args.string(), sizeof(argbuf));
+		copy_cstring(argbuf, args.string(), sizeof(argbuf));
 		Cap_quota const cap_quota = cap_quota_from_args(argbuf);
 		Ram_quota const ram_quota = ram_quota_from_args(argbuf);
--- a/repos/os/src/lib/vfs/ram_file_system.h
+++ b/repos/os/src/lib/vfs/ram_file_system.h
@ -137,7 +137,7 @@ class Vfs_ram::Node : private Genode::Avl_node<Node>, private Genode::Mutex
 		virtual ~Node() { }
 		char const *name() { return _name; }
-		void name(char const *name) { strncpy(_name, name, MAX_NAME_LEN); }
+		void name(char const *name) { copy_cstring(_name, name, MAX_NAME_LEN); }
 		virtual Vfs::file_size length() = 0;
@ -516,7 +516,7 @@ class Vfs::Ram_file_system : public Vfs::File_system
 			if (*path == '\0') return &_root;
 			char buf[Vfs::MAX_PATH_LEN];
-			strncpy(buf, path, Vfs::MAX_PATH_LEN);
+			copy_cstring(buf, path, Vfs::MAX_PATH_LEN);
 			Directory *dir = &_root;
 			char *name = &buf[0];
--- a/repos/os/src/lib/vfs/symlink_file_system.h
+++ b/repos/os/src/lib/vfs/symlink_file_system.h
@ -44,7 +44,7 @@ class Vfs::Symlink_file_system : public Single_file_system
 			                 file_size &out_count) override
 			{
 				auto n = min(count, _target.length());
-				strncpy(dst, _target.string(), n);
+				copy_cstring(dst, _target.string(), n);
 				out_count = n - 1;
 				return READ_OK;
 			}
--- a/repos/os/src/lib/vfs/tar_file_system.h
+++ b/repos/os/src/lib/vfs/tar_file_system.h
@ -65,7 +65,7 @@ class Vfs::Tar_file_system : public File_system
 				 * large enough to host an additional zero.
 				 */
 				char buf[sizeof(field) + 1];
-				strncpy(buf, field, sizeof(buf));
+				copy_cstring(buf, field, sizeof(buf));
 				unsigned long value = 0;
 				Genode::ascii_to_unsigned(buf, value, 8);
@ -394,7 +394,7 @@ class Vfs::Tar_file_system : public File_system
 				 * GNU tar does not null terminate names of length 100
 				 */
 				else {
-					strncpy(path_element, record->name(), 101);
+					copy_cstring(path_element, record->name(), 101);
 					current_path.import(path_element);
 				}
@ -437,14 +437,14 @@ class Vfs::Tar_file_system : public File_system
 							 */
 							Genode::size_t name_size = strlen(path_element) + 1;
 							char *name = (char*)_alloc.alloc(name_size);
-							strncpy(name, path_element, name_size);
+							copy_cstring(name, path_element, name_size);
 							child_node = new (_alloc) Node(name, record);
 						} else {
 							/* create a directory node without record */
 							Genode::size_t name_size = strlen(path_element) + 1;
 							char *name = (char*)_alloc.alloc(name_size);
-							strncpy(name, path_element, name_size);
+							copy_cstring(name, path_element, name_size);
 							child_node = new (_alloc) Node(name, 0);
 						}
 						parent_node->insert(child_node);
@ -510,7 +510,7 @@ class Vfs::Tar_file_system : public File_system
 				Node *node = root_node.lookup(path);
 				if (!node)
 					return 0;
-				strncpy(key, path, sizeof(key));
+				copy_cstring(key, path, sizeof(key));
 				cached_num_dirent = node->num_dirent();
 				valid = true;
 			}
--- a/repos/os/src/server/chroot/component.cc
+++ b/repos/os/src/server/chroot/component.cc
@ -155,7 +155,7 @@ struct Chroot::Main
 		enum { ARGS_MAX_LEN = 256 };
 		char new_args[ARGS_MAX_LEN];
-		strncpy(new_args, args.string(), ARGS_MAX_LEN);
+		copy_cstring(new_args, args.string(), ARGS_MAX_LEN);
 		/* sacrifice the label to make space for the root argument */
 		Arg_string::remove_arg(new_args, "label");
--- a/repos/os/src/server/fs_log/main.cc
+++ b/repos/os/src/server/fs_log/main.cc
@ -102,7 +102,7 @@ class Fs_log::Root_component :
 						label_prefix = label_str+i+4;
 						{
 							char tmp[128];
-							strncpy(tmp, label_str, min(sizeof(tmp), i+1));
+							copy_cstring(tmp, label_str, min(sizeof(tmp), i+1));
 							dir_path = path_from_label<Path>(tmp);
 						}
 						break;
@ -119,11 +119,11 @@ class Fs_log::Root_component :
 				dir_path = path_from_label<Path>(label_str); }
 			if (dir_path == "/") {
-				strncpy(file_name, "log", sizeof(file_name));
+				copy_cstring(file_name, "log", sizeof(file_name));
 				label_prefix = label_str;
 			} else {
 				dir_path.append(".log");
-				strncpy(file_name, dir_path.last_element(), sizeof(file_name));
+				copy_cstring(file_name, dir_path.last_element(), sizeof(file_name));
 				dir_path.strip_last_element();
 				dir_path.remove_trailing('/');
 			}
--- a/repos/os/src/server/iso9660/main.cc
+++ b/repos/os/src/server/iso9660/main.cc
@ -157,7 +157,7 @@ class Iso::Root : public Iso::Root_component
 				throw Insufficient_ram_quota();
 			Session_label const label = label_from_args(args);
-			strncpy(_path, label.last_element().string(), sizeof(_path));
+			copy_cstring(_path, label.last_element().string(), sizeof(_path));
 			if (verbose)
 				Genode::log("Request for file ", Cstring(_path), " len ", strlen(_path));
--- a/repos/os/src/server/log_report/main.cc
+++ b/repos/os/src/server/log_report/main.cc
@ -59,7 +59,7 @@ class Report::Session_component : public Genode::Rpc_object<Session>
 			char buf[1024];
 			for (size_t consumed = 0; consumed < length; consumed += strlen(buf)) {
-				strncpy(buf, _ds.local_addr<char>() + consumed, sizeof(buf));
+				copy_cstring(buf, _ds.local_addr<char>() + consumed, sizeof(buf));
 				log(Cstring(buf));
 			}
 			log("\nend of report");
--- a/repos/os/src/server/lx_fs/node.h
+++ b/repos/os/src/server/lx_fs/node.h
@ -46,7 +46,7 @@ class Lx_fs::Node : public File_system::Node_base
 		/**
 		 * Assign name
 		 */
-		void name(char const *name) { Genode::strncpy(_name, name, sizeof(_name)); }
+		void name(char const *name) { Genode::copy_cstring(_name, name, sizeof(_name)); }
 		virtual void update_modification_time(Timestamp const) = 0;
--- a/repos/os/src/server/lx_fs/symlink.h
+++ b/repos/os/src/server/lx_fs/symlink.h
@ -42,7 +42,7 @@ class File_system::Symlink : public Node
 		size_t read(char *dst, size_t len, seek_off_t seek_offset) override
 		{
 			size_t count = min(len, sizeof(_link_to) + 1);
-			Genode::strncpy(dst, _link_to, count);
+			Genode::copy_cstring(dst, _link_to, count);
 			return count;
 		}
@ -52,7 +52,7 @@ class File_system::Symlink : public Node
 			if (seek_offset) return 0;
 			size_t count = min(len, sizeof(_link_to) + 1);
-			Genode::strncpy(_link_to, src, count);
+			Genode::copy_cstring(_link_to, src, count);
 			return count;
 		}
--- a/repos/os/src/server/tz_vmm/block_driver.cc
+++ b/repos/os/src/server/tz_vmm/block_driver.cc
@ -102,7 +102,7 @@ Block_driver::Block_driver(Env       &env,
 void Block_driver::_name(Vm_base &vm)
 {
 	_dev_apply(Device::Id { vm.smc_arg_2() },
-		[&] (Device &dev) { strncpy((char *)_buf, dev.name().string(), _buf_size); },
+		[&] (Device &dev) { copy_cstring((char *)_buf, dev.name().string(), _buf_size); },
 		[&] ()            { ((char *)_buf)[0] = 0; });
 }
--- a/repos/os/src/server/tz_vmm/include/atag.h
+++ b/repos/os/src/server/tz_vmm/include/atag.h
@ -187,7 +187,7 @@ class Atag {
 			_params->hdr.tag  = ATAG_CMDLINE;
 			_params->hdr.size = (sizeof(struct atag_header) + len + 1 + 4) >> 2;
-			Genode::strncpy(_params->u.cmdline.cmdline, line, len + 1);
+			Genode::copy_cstring(_params->u.cmdline.cmdline, line, len + 1);
 			_next();
 		}
--- a/repos/os/src/test/dynamic_config/loader/main.cc
+++ b/repos/os/src/test/dynamic_config/loader/main.cc
@ -34,7 +34,7 @@ struct Main
 			env.rm().attach(loader.alloc_rom_module("config", CONFIG_SIZE));
 		String<100> config("<config><counter>", counter++, "</counter></config>");
-		strncpy(config_ds_addr, config.string(), CONFIG_SIZE);
+		copy_cstring(config_ds_addr, config.string(), CONFIG_SIZE);
 		env.rm().detach(config_ds_addr);
 		loader.commit_rom_module("config");
 		timer.trigger_once(250 * 1000);
--- a/repos/os/src/test/dynamic_config/server/main.cc
+++ b/repos/os/src/test/dynamic_config/server/main.cc
@ -53,7 +53,7 @@ class Rom_session_component : public Rpc_object<Rom_session>
 			if (_bg.size() < data_len)
 				_bg.realloc(&_env.ram(), data_len);
-			strncpy(_bg.local_addr<char>(), data, data_len);
+			copy_cstring(_bg.local_addr<char>(), data, data_len);
 			_bg_pending_data = true;
 			/* inform client about the changed data */
--- a/repos/ports/src/app/seoul/boot_module_provider.h
+++ b/repos/ports/src/app/seoul/boot_module_provider.h
@ -183,7 +183,7 @@ class Boot_module_provider
 						return 0;
 					/* copy name to command line */
-					strncpy(&dst[cmd_len], name.string(), name_len + 1);
+					copy_cstring(&dst[cmd_len], name.string(), name_len + 1);
 					cmd_len += name_len;
 					/* check if name fills entire destination buffer */
@ -205,7 +205,7 @@ class Boot_module_provider
 						}
 						/* copy 'cmdline' attribute to destination buffer */
-						Genode::strncpy(&dst[cmd_len], cmdline.string(), dst_len - cmd_len);
+						copy_cstring(&dst[cmd_len], cmdline.string(), dst_len - cmd_len);
 						/*
 						 * The string returned by the 'value' function is
--- a/repos/ports/src/virtualbox5/frontend/main.cc
+++ b/repos/ports/src/virtualbox5/frontend/main.cc
@ -277,10 +277,10 @@ void Libc::Component::construct(Libc::Env &env)
 		typedef String<128> Name;
 		Name const vbox_file = config.attribute_value("vbox_file", Name());
-		Genode::strncpy(c_vbox_file, vbox_file.string(), sizeof(c_vbox_file));
+		copy_cstring(c_vbox_file, vbox_file.string(), sizeof(c_vbox_file));
 		Name const vm_name = config.attribute_value("vm_name", Name());
-		Genode::strncpy(c_vbox_vmname, vm_name.string(), sizeof(c_vbox_vmname));
+		copy_cstring(c_vbox_vmname, vm_name.string(), sizeof(c_vbox_vmname));
 	}
 	/* enable stdout/stderr for VBox Log infrastructure */
--- a/repos/ports/src/virtualbox5/rt.cc
+++ b/repos/ports/src/virtualbox5/rt.cc
@ -427,6 +427,6 @@ uint32_t RTBldCfgRevision(void)     { return ~0; }
 extern "C" DECLHIDDEN(int) rtProcInitExePath(char *pszPath, size_t cchPath)
 {
-	Genode::strncpy(pszPath, "/virtualbox", cchPath);
+	Genode::copy_cstring(pszPath, "/virtualbox", cchPath);
 	return 0;
 }