On Tue, Jan 04, 2005 at 05:07:16PM +0100, Paolo Bonzini wrote:
Feel free to make your own applications spontaneously abort as much as
you like, but please don't impose spontaneous aborts due to user input
on my programs. Many programs are designed to report an error and
continue executing.
An excessively long string does not necessarily indicate an insane program.
This is not how GNU programs should behave. The GNU coding standards
explicitly say
Avoid arbitrary limits on the length or number of _any_ data structure,
including file names, lines, files, and symbols, by allocating all data
structures dynamically. In most Unix utilities, "long lines are
silently truncated". This is not acceptable in a GNU utility.
So everything that is subject to user input must be malloced in libltdl,
and strlcpy will only be used to *protect against programmer mistakes*.
Which means, abort if they are found, instead of "silently truncated".
It's not "silently truncated". strlcpy returns the size of the
string it _tried_ to create. If that is >= the size it was limited to,
it got truncated.
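To make the return-value convention above concrete, here is an added example (not code from this thread, libltdl, or libtool): a local strlcpy with OpenBSD semantics, a caller that uses the return value to detect truncation, the "abort on programmer mistake" use Paolo describes, and a malloc-based copy that imposes no limit at all for user-supplied data. The implementation is named my_strlcpy so it does not clash with a system strlcpy (glibc only added one in 2.38); the helper names and the sample strings are assumptions chosen for the illustration.

```c
/* Added example, not from the libltdl discussion or libtool sources.
 * Demonstrates: (1) strlcpy's return value is strlen(src), the length it
 * tried to create, so >= dstsize means truncation; (2) aborting on that
 * for internal data; (3) dynamic allocation for user input instead. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* OpenBSD-style semantics under a private name (assumption: we cannot rely
 * on the platform libc shipping strlcpy). Always NUL-terminates when
 * dstsize > 0 and returns strlen(src), the length of the intended string. */
static size_t my_strlcpy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Copy into a fixed buffer and report the result instead of hiding it.
 * Returns 1 if the whole string fit, 0 if the copy was cut short. */
static int copy_fixed(char *dst, size_t dstsize, const char *src)
{
    size_t needed = my_strlcpy(dst, src, dstsize);
    return needed < dstsize;
}

/* The "protect against programmer mistakes" use: the source is an internal
 * value that must fit by construction, so not fitting is a bug, not input. */
static void copy_or_abort(char *dst, size_t dstsize, const char *src)
{
    if (my_strlcpy(dst, src, dstsize) >= dstsize) {
        fprintf(stderr, "internal error: %zu-byte buffer cannot hold %zu bytes\n",
                dstsize, strlen(src));
        abort();
    }
}

/* The user-input case: no arbitrary limit, allocate exactly what is needed.
 * Returns a malloc'd copy the caller frees, or NULL on allocation failure. */
static char *copy_dynamic(const char *src)
{
    size_t len = strlen(src) + 1;           /* include the terminating NUL */
    char *dst = malloc(len);
    if (dst != NULL)
        memcpy(dst, src, len);
    return dst;
}

int main(void)
{
    char buf[8];                             /* room for 7 chars + NUL */
    const char *input = "much-too-long";     /* constructed sample input */

    if (!copy_fixed(buf, sizeof buf, input))
        printf("truncated to \"%s\" (needed %zu bytes)\n", buf, strlen(input) + 1);

    copy_or_abort(buf, sizeof buf, "ok");    /* fits: no abort */

    char *full = copy_dynamic(input);        /* never truncates */
    if (full == NULL)
        return 1;
    printf("dynamic copy: \"%s\"\n", full);
    free(full);
    return 0;
}
```

The boundary case worth remembering is a source whose length equals dstsize: strlcpy writes dstsize-1 characters plus the NUL and returns dstsize, so the `>=` test (not `>`) is what detects it.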