
From: Mike Scalora
Subject: [Nano-devel] Proposal: remove or change mallocstrncpy() so that it is more safe & less cumbersome
Date: Wed, 13 Apr 2016 21:23:07 -0600

mallocstrncpy() unsurprisingly has the same pitfall as strncpy(), namely it null-terminates strings EXCEPT if the string has n non-null characters. This is somewhat defensible in strncpy()'s case because it is useful for packed character fields that are not null-terminated, but mallocstrncpy() is always allocating a new buffer, so it's never the case that the next byte might be a different field.

One could argue the current behaviour might be useful, but in reality adding another byte to the malloc size and forcing null termination has very little cost AND all of the callers of mallocstrncpy() already do this outside the function except one.

Try: grep -A2 mallocstrncpy **/*.c

I propose changing mallocstrncpy() to add the extra byte and set the null then remove that extra code from each of the callers.

I also propose renaming the function to mallocstrndup() since it now has the semantics of strndup()+free() instead of malloc()+strncpy()+free().

What do you think?


Attachment: mallocstrndup.patch
Description: Binary data
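The pitfall and the proposed fix side by side, as an added example that is not nano's source and not the attached patch. It assumes the (dest, src, n) signature and the free-then-malloc-then-strncpy behaviour described in the post; the names mallocstrncpy_old and mallocstrndup_new and the check helpers are hypothetical. The old variant reproduces the bug: when src has n or more non-null characters, the n-byte buffer has no terminator, so any later strlen()/printf("%s") reads past the allocation. The new variant allocates n+1 bytes and always writes the terminator, and it copies before freeing dest so that a caller passing src == dest does not hit a use-after-free.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Old-style helper, modelled on the behaviour the post describes (free, malloc n,
   strncpy). Hypothetical reconstruction, not nano's actual function. */
char *mallocstrncpy_old(char *dest, const char *src, size_t n)
{
    if (src == NULL)
        src = "";
    if (src != dest)
        free(dest);
    dest = malloc(n);
    if (dest == NULL)
        abort();
    strncpy(dest, src, n); /* leaves no terminator when src has >= n non-NUL bytes */
    return dest;
}

/* Proposed replacement: one extra byte, unconditional terminator, strndup()-like
   result. The copy is made before dest is freed so src == dest is safe. */
char *mallocstrndup_new(char *dest, const char *src, size_t n)
{
    char *copy;

    if (src == NULL)
        src = "";
    copy = malloc(n + 1); /* the extra byte the post proposes */
    if (copy == NULL)
        abort();
    strncpy(copy, src, n);
    copy[n] = '\0';       /* always terminated, whatever strnlen(src, n) is */
    free(dest);           /* copy already taken, so freeing dest is safe even if src == dest */
    return copy;
}

/* Returns 1 if buf holds a NUL within its first n bytes, i.e. it is safe to treat
   as a C string without reading past the allocation. Uses memchr, never strlen,
   because strlen on an unterminated buffer is exactly the bug under discussion. */
int terminated_within(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

/* Returns 1 when the old helper produces an unterminated buffer for this input. */
int old_leaves_unterminated(const char *src, size_t n)
{
    char *p = mallocstrncpy_old(NULL, src, n);
    int unterminated = !terminated_within(p, n);
    free(p);
    return unterminated;
}

/* Length of the string the new helper yields; strlen is safe here by construction. */
size_t new_result_len(const char *src, size_t n)
{
    char *p = mallocstrndup_new(NULL, src, n);
    size_t len = strlen(p);
    free(p);
    return len;
}

/* Returns 1 if the new helper's output equals the expected string. */
int new_result_equals(const char *src, size_t n, const char *expect)
{
    char *p = mallocstrndup_new(NULL, src, n);
    int eq = strcmp(p, expect) == 0;
    free(p);
    return eq;
}

int main(void)
{
    /* Constructed sample input: six characters copied with n = 3. */
    const char *src = "abcdef";
    size_t n = 3;

    printf("old helper unterminated: %d\n", old_leaves_unterminated(src, n));
    printf("new helper result length: %zu\n", new_result_len(src, n));
    return 0;
}
```

Running the checks with src shorter than n (for example "ab" with n = 3) shows both helpers terminate, because strncpy pads with NUL bytes; only the src-at-least-n case differs, which is why the bug is easy to miss in testing and why the callers in the post each had to add the extra byte themselves.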
