Re: [Nmh-workers] strncpy(3), die, die, die.

From: P Vixie
Subject: Re: [Nmh-workers] strncpy(3), die, die, die.
Date: Mon, 24 Oct 2016 20:01:13 +0000

On overflow, the string should be zero filled, or abort() should be called.

Leaving a half useful result creates no incentive to check the return value.

On October 24, 2016 9:11:09 PM GMT+02:00, "Todd C. Miller" <address@hidden> wrote:
> On Mon, 24 Oct 2016 18:59:36 -0000, P Vixie wrote:
> > Copy or die, as the default behavior.
> >
> > Silent truncation should require explicit coding.
> >
> > Strlcpy is completely bogus.
>
> Both snprintf() and strlcpy() make it fairly easy to detect when the
> buffer was too small, which is more than I can say for strncpy().
> It is up to the programmer to actually check the return value.
>
> That said, I certainly agree that proceeding with a truncated buffer
> is the wrong thing to do. Many (but not all) systems these days
> provide asprintf() which dynamically allocates its buffer which can
> solve a lot of these problems.
>
> - todd
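
Added example, not part of the original thread or of nmh's code: the behaviours discussed above side by side in C. The helper names (copy_checked, copy_or_die, snprintf_truncated, strncpy_unterminated) and the sample string are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: copy src into dst[size]. On overflow, zero-fill dst
 * and return -1, so no half-useful truncated string is left behind. */
int copy_checked(char *dst, size_t size, const char *src)
{
    size_t len = strlen(src);
    if (len >= size) {              /* also covers size == 0 */
        memset(dst, 0, size);
        return -1;
    }
    memcpy(dst, src, len + 1);      /* includes the terminating NUL */
    return 0;
}

/* Hypothetical helper: "copy or die" as the default behaviour. */
void copy_or_die(char *dst, size_t size, const char *src)
{
    if (copy_checked(dst, size, src) != 0)
        abort();
}

/* snprintf() returns the length it needed; >= size means truncation. */
int snprintf_truncated(char *dst, size_t size, const char *src)
{
    int n = snprintf(dst, size, "%s", src);
    return n < 0 || (size_t)n >= size;
}

/* strncpy() gives no such signal and may leave dst without a NUL. */
int strncpy_unterminated(char *dst, size_t size, const char *src)
{
    strncpy(dst, src, size);
    return memchr(dst, '\0', size) == NULL;
}

int main(void)
{
    char buf[8];
    const char *name = "inbox/2016-10";     /* constructed sample input */
    printf("strncpy unterminated: %d\n", strncpy_unterminated(buf, sizeof buf, name));
    printf("snprintf truncated:   %d\n", snprintf_truncated(buf, sizeof buf, name));
    printf("copy_checked:         %d\n", copy_checked(buf, sizeof buf, name));
    copy_or_die(buf, sizeof buf, "inbox");  /* fits, so no abort() */
    printf("copy_or_die result:   %s\n", buf);
    return 0;
}
```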

