
Re: [Nmh-workers] strncpy(3), die, die, die.

From: Paul Vixie
Subject: Re: [Nmh-workers] strncpy(3), die, die, die.
Date: Mon, 24 Oct 2016 15:19:40 -0700
User-agent: Postbox 5.0.5 (Windows/20161020)

Ralph Corderoy wrote:
> Perhaps a complainant could be told of the secret $NMHNOBARF to stop
> TRUNCCPY from aborting?  Though it would still complain for the first N
> goes?

i think the moment that the state of the program becomes undefined, you
should abort.

malloc and asprintf helpfully return a useless value (NULL) if they
can't fit your result into a new heap blob.

snprintf, strncpy, and strlcpy do not.

the right thing to create on overflow is an empty string. if the caller
doesn't check the return value, they're going to wonder where that empty
string came from. this would teach callers to check return values.

returning the front half of the source string is bad. and while
returning it non-\0-terminated is worse, neither is acceptable.

i once received a thousands-of-lines-long patch to bind8 to make it use
snprintf and strlcpy. i rejected it, and replaced every caller whose
starting conditions were not obvious from simple inspection with an "if"
statement that crashed out of the current operation if the resulting
string would not fit my assumptions.

replacing overrun with truncation is not a big enough improvement to
justify touching the code at all.

P Vixie
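
The behaviour the message above complains about, shown in code. This is an added example, not code from nmh, bind8 or anyone on this thread: `strncpy_leaves_terminator()` is a probe that shows when strncpy(3) leaves no NUL; `fit_copy()` is a hypothetical stand-in for strlcpy(3) that follows the rule in the message (the destination becomes "" on overflow and the caller is told); `build_path()` is a hypothetical caller that checks snprintf(3)'s return value and crashes out of the current operation instead of continuing with a truncated string. The buffer sizes and strings are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added example (not nmh or bind8 code): what the three "safe" copies
 * actually leave behind, and a hypothetical fit_copy() that follows the
 * rule in the message above: on overflow the destination becomes "" and
 * the caller is told, so the current operation can be abandoned instead
 * of continuing with a silently shortened string.
 */

/* strncpy(dst, src, n) only NUL-terminates when strlen(src) < n.
 * Returns 1 if a terminator is present within the first n bytes, 0 if not,
 * -1 for an n this probe cannot handle. */
int strncpy_leaves_terminator(const char *src, size_t n)
{
    char buf[64];

    if (n == 0 || n > sizeof buf)
        return -1;
    memset(buf, 'X', sizeof buf);          /* poison so a missing NUL shows */
    strncpy(buf, src, n);
    return memchr(buf, '\0', n) != NULL;
}

/* Hypothetical strlcpy replacement: copy only if src fits whole, NUL
 * included.  On overflow dst is set to "" and -1 is returned; no front
 * half of src is ever left in dst. */
int fit_copy(char *dst, size_t dstsize, const char *src)
{
    size_t len = strlen(src);

    if (dstsize == 0)
        return -1;
    if (len >= dstsize) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* snprintf() truncates silently but reports the length it wanted; a
 * return value >= outsize means the result did not fit.  The caller
 * pattern from the message: test the fit, and crash out of the current
 * operation (here: return -1 with an empty result) when it fails. */
int build_path(char *out, size_t outsize, const char *dir, const char *name)
{
    int need = snprintf(out, outsize, "%s/%s", dir, name);

    if (need < 0 || (size_t)need >= outsize) {
        if (outsize > 0)
            out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char small[8];       /* constructed: room for 7 characters plus NUL */

    printf("strncpy \"hello\" into 8:       terminator=%d\n",
           strncpy_leaves_terminator("hello", sizeof small));
    printf("strncpy \"hello world\" into 8: terminator=%d\n",
           strncpy_leaves_terminator("hello world", sizeof small));

    if (fit_copy(small, sizeof small, "1234567") == 0)
        printf("fit_copy 7 chars: ok, dst=\"%s\"\n", small);
    if (fit_copy(small, sizeof small, "12345678") < 0)
        printf("fit_copy 8 chars: overflow, dst=\"%s\"\n", small);

    if (build_path(small, sizeof small, "ab", "cd") == 0)
        printf("build_path ab/cd: ok, out=\"%s\"\n", small);
    if (build_path(small, sizeof small, "abcd", "efg") < 0)
        printf("build_path abcd/efg: overflow, out=\"%s\"\n", small);
    return 0;
}
```

The poisoned buffer in the strncpy probe is the point: with an 11-character source and n = 8, all eight bytes are data and the terminator is simply absent, which is the "worse" case in the message. fit_copy() and build_path() never leave a partial result, so a caller that ignores the return value finds an empty string rather than a plausible-looking prefix.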
