RIP strncpy(3) and strncat(3)

[Alejandro Colomar]

Hi Branden,

You probably have seen my radical changes regarding string copy functions.

I've seen that groff uses strncpy(3) in a few places, and strncat(3) in one:


$ grep -rn strncpy src/
src/libs/libdriver/input.cpp:1038:  strncpy((char *)current_filename, (char 
*)fname, len);
src/libs/libdriver/input.cpp:1064:  strncpy((char *)current_source_filename, 
(char *)fname, len);
src/roff/groff/pipeline.c:134:  strncpy(base, p1, p2 - p1);
src/roff/troff/node.cpp:4128:   strncpy(new_name, image_filename, 
prefix_length);
src/roff/troff/node.cpp:4144:     strncpy(name, new_name, (namebuflen - 1));
src/preproc/preconv/preconv.cpp:1160:  strncpy(encoding_string, encoding, 
MAX_VAR_LEN - 1);
src/preproc/preconv/preconv.cpp:1240:    strncpy(fallback_encoding, 
locale_charset(), MAX_VAR_LEN - 1);
src/preproc/preconv/preconv.cpp:1276:	strncpy(user_encoding, optarg, MAX_VAR_LEN 
- 1);
src/preproc/preconv/preconv.cpp:1284:	strncpy(fallback_encoding, optarg, 
MAX_VAR_LEN - 1);
src/devices/xditview/font.c:326:                strncpy (dvi_name, s, m-s);
src/devices/xditview/font.c:333:                strncpy (x_name, s, m-s);
src/devices/grolbp/lbp.cpp:255:  strncpy(nam, &(f->lbpname[1]), 
strlen(f->lbpname) - 2);
src/devices/grohtml/output.cpp:67:  strncpy(s, w, n);

$ grep -rn strncat src/
src/roff/troff/input.cpp:7895:    strncat(s, fn, fnlen - sizeof(MACRO_POSTFIX) 
+ 1);


And that's not counting the uses within gnulib...

You may want to check out the new versions of the manual pages for those two 
functions.  Hopefully, they'll convince you to wipe them all.
If the pages are not convincing enough, I'm preparing string(7), which will 
cover all commonly known string copy functions, and then some, to help 
transition to safe functions.

Cheers,

Alex

--
<http://www.alejandro-colomar.es/>

OpenPGP_signature
Description: OpenPGP digital signature