Usage of strcpy() can lead to buffer overflows. Therefore, it has been
replaced with strncpy(). The output file path is provided as a parameter
and might be restricted by command-line by default. But this defensive
patch will prevent any potential overflow, making the code more robust
against future changes in input handling.

Testing:
- ran perf test from tools/perf and did not observe any regression with
  the earlier code

Signed-off-by: Hrishikesh Suresh <hrishikesh123s@gmail.com>
---
 tools/perf/util/jitdump.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tools/perf/util/jitdump.c b/tools/perf/util/jitdump.c
index b062b1f234b6..496ca2d2bfdb 100644
--- a/tools/perf/util/jitdump.c
+++ b/tools/perf/util/jitdump.c
@@ -233,7 +233,8 @@ jit_open(struct jit_buf_desc *jd, const char *name)
 	/*
 	 * keep dirname for generating files and mmap records
 	 */
-	strcpy(jd->dir, name);
+	strncpy(jd->dir, name, PATH_MAX);
+	jd->dir[PATH_MAX - 1] = '\0';
 	dirname(jd->dir);
 	free(buf);
 
-- 
2.34.1

On Wed, 19 Nov 2025 23:16:10 -0500, Hrishikesh Suresh wrote:
> Usage of strcpy() can lead to buffer overflows. Therefore, it has been
> replaced with strncpy(). The output file path is provided as a parameter
> and might be restricted by command-line by default. But this defensive
> patch will prevent any potential overflow, making the code more robust
> against future changes in input handling.
> 
> Testing:
> - ran perf test from tools/perf and did not observe any regression with
>   the earlier code
> 
> [...]
Applied to perf-tools-next, thanks!

Best regards,
Namhyung