On 10.08.12 07:57, Marc Balmer wrote:
> On 10.08.12 04:29, Aaron W. Hsu wrote:
>> Jon Trulson <j...@radscan.com> writes:
>>
>>> Hmmm... I'm leery of introducing further dependencies... Is it really
>>> worth it? Do you have any idea how many strcpy et al. are in CDE? :)
>>
>> I agree that there is no need to go on a hunt to replace all strcpy with
>> strlcpy, but we *should* go through and make sure that strcpy is being used
>> correctly. As long as that is obviously the case, then we have no problem.
>
> At least some compilers on some OSes (e.g. OpenBSD) warn about those
> unsafe functions. Since these functions are really unsafe we should
> replace them all. It is far too easy to turn a now safe construct into a
> buffer overrun later without even touching the code near the actual strcpy.
> There is no overhead in using strlcpy() and friends, but it is a safety
> net.

Oh, but we have still not decided whether to use strlcpy() and friends at all.
It means linking libbsd. Are there objections or should I bake a diff for
this on Linux?
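The trade-off discussed in this thread, as an added example that is not part of the original messages or of the CDE source: a bounded copy with strlcpy() semantics, written locally so it builds on Linux without libbsd. The names `bounded_copy`, `struct session` and `session_set_display` are hypothetical and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper with strlcpy() semantics: copies at most size-1 bytes,
 * always NUL-terminates when size > 0, and returns strlen(src) so the caller
 * can detect truncation (return value >= size). */
static size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);

    if (size > 0) {
        size_t n = (srclen < size - 1) ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Constructed record: the buffer size is declared far from the code that
 * fills it, so shrinking it later would silently break a bare strcpy(). */
struct session {
    char display[8];
    int  guard;          /* stands in for whatever lies after the buffer */
};

/* Returns 0 on success, -1 if the name did not fit (and was truncated). */
static int session_set_display(struct session *s, const char *name)
{
    size_t need = bounded_copy(s->display, name, sizeof(s->display));
    return (need >= sizeof(s->display)) ? -1 : 0;
}

int main(void)
{
    struct session s = { "", 0x5a5a };
    const char *inputs[] = { ":0", "host:10.0" };   /* constructed inputs */

    for (size_t i = 0; i < 2; i++) {
        int rc = session_set_display(&s, inputs[i]);
        printf("%-10s -> \"%s\" rc=%d guard=%#x\n",
               inputs[i], s.display, rc, (unsigned)s.guard);
    }
    return 0;
}
```

Because the bound comes from `sizeof(s->display)`, resizing the array in the struct definition keeps the copy safe without touching the call site; the return value still has to be checked, since silent truncation can be a bug of its own.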