On Thu, 9 Aug 2012, Frederic Koehler wrote:

> On Thu, Aug 9, 2012 at 5:45 AM, Pascal Stumpf <pascal.stu...@cubes.de> wrote:
>> On Thu, 09 Aug 2012 10:56:10 +0200, Pascal Stumpf wrote:
>>> On Thu, 09 Aug 2012 07:40:43 +0200, Marc Balmer wrote:
>>>> A few more sprintf() to snprintf() conversions.
>>>>
>>>> We need to find a proper way to replace strcpy() and strcat(), maybe
>>>> keep a local copy of strlcpy() and strlcat() from OpenBSD around
>>>> somewhere? Other suggestions?
>>>
>>> +1
>>>
>>> Or link with -lbsd, which is provided on most Linux distributions
>>> nowadays. The hard part is to do the replacement work. If someone is
>>> interested, I can send them a full build log on OpenBSD, where the
>>> linker warns about the use of unsafe functions.
>>
>> Also, I've seen some instances where strncpy() is obviously misused
>> (assuming it NUL-terminates the string, which it does not).
>>
>
> I don't quite understand what you mean, could you give an example? The
> manpage says it will copy a null byte if it comes to one in the src
> string, and it will also pad null bytes if there is room left
> in dest.

I think he's referring to the case where the src is longer than the
dest, then the dest will not be null terminated.

I always hated that about strncpy... to be truly safe, you usually
need to do something like:

    #define MAXSTR 100
    strncpy(deststr, srcstr, MAXSTR);
    deststr[MAXSTR - 1] = 0;

etc...

[...]

--
Jon Trulson

"If the Martian rope-a-dope don't get him, he'll get himself, he'll
come in too fast and punch himself out."
- one of my brothers, referring to the Curiosity landing.

_______________________________________________
cdesktopenv-devel mailing list
cdesktopenv-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cdesktopenv-devel
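
The truncation case discussed in this thread, as an added example that is not part of the original messages or of the CDE source: it contrasts a bare strncpy(), the forced-terminator pattern, and a strlcpy()-style copy. MAXSTR is shrunk to 8, the input string is constructed, and bounded_copy() is a hypothetical local helper, not OpenBSD's strlcpy().

```c
#include <stdio.h>
#include <string.h>

#define MAXSTR 8  /* constructed: small so truncation is easy to trigger */

/* 1 if a NUL lies inside buf[0..size-1], else 0 (never reads past size). */
int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* Bare strncpy(): no NUL is written when strlen(src) >= MAXSTR. */
int copy_bare(char *dst, const char *src)
{
    memset(dst, 'X', MAXSTR);          /* simulate stale, non-zero memory */
    strncpy(dst, src, MAXSTR);
    return is_terminated(dst, MAXSTR);
}

/* The pattern from the message: strncpy(), then force the last byte. */
int copy_forced(char *dst, const char *src)
{
    memset(dst, 'X', MAXSTR);
    strncpy(dst, src, MAXSTR);
    dst[MAXSTR - 1] = 0;
    return is_terminated(dst, MAXSTR);
}

/* Hypothetical helper with strlcpy()-like semantics: always terminates when
 * size > 0; a return value >= size means the copy was truncated. */
size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

int main(void)
{
    char buf[MAXSTR];
    const char *src = "much too long";  /* constructed input, 13 chars */
    printf("bare strncpy terminated: %d\n", copy_bare(buf, src));
    printf("forced last byte:        %d\n", copy_forced(buf, src));
    printf("bounded_copy truncated:  %d\n",
           bounded_copy(buf, src, sizeof buf) >= sizeof buf);
}
```

Unlike the forced-terminator pattern, the return value of the strlcpy()-style copy lets the caller detect silent truncation and reject the input instead of continuing with a shortened string.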