Hi! On Fri, Jun 22, 2018 at 11:43:44AM -0300, Breno Leitao wrote: > On 06/21/2018 08:18 PM, Segher Boessenkool wrote: > > On Wed, Jun 20, 2018 at 07:51:11PM -0300, Breno Leitao wrote: > >> - strncpy(prog, argv[0], strlen(argv[0])); > >> + strncpy(prog, argv[0], sizeof(prog) - 1); > > > > strncpy(prog, argv[0], sizeof prog); > > if (prog[sizeof prog - 1]) > > scream_bloody_murder(); > > > > Silently using the wrong data is a worse habit than not checking for > > overflows ;-) > > Completely agree! Thanks for bringing this up. > > If you don't mind, I would solve this problem slightly different, as it seems > to be more readable. > > - strncpy(prog, argv[0], strlen(argv[0])); > + if (strlen(argv[0]) >= LEN_MAX){ > + fprintf(stderr, "Very big executable name: %s\n", argv[0]); > + return 1; > + } > + > + strncpy(prog, argv[0], sizeof(prog) - 1);
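Review bot: the added length check tests strlen(argv[0]) against LEN_MAX, while the strncpy() after it bounds the copy with sizeof(prog) - 1. The two limits only agree if prog is declared with exactly LEN_MAX bytes, which these lines do not show; using sizeof(prog) in the check as well would keep them in step. If LEN_MAX does equal sizeof(prog), a name of exactly sizeof(prog) - 1 bytes passes the check and strncpy() then writes no terminator, so prog is only NUL-terminated when the buffer starts out zeroed. An explicit prog[sizeof(prog) - 1] = '\0' after the copy would remove that dependency.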
The strlen reads all of argv[0], which can be very big in theory. It won't matter in this test file -- program arguments cannot be super long, for one thing -- but it's not a good idea in general (that is one of the problems of strlcpy, btw).

Best of course is to avoid string length restrictions completely, if you can.

Segher
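Added example, not part of the original thread or of the patch under review: the copy-then-check idiom quoted above (strncpy with the full buffer size, then test the last byte), wrapped in a helper so that at most dstsize bytes of the source are ever read. The name copy_checked and the sample strings are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/*
 * Copy src into dst (capacity dstsize bytes) without calling strlen(src).
 * strncpy() stops reading src at its first NUL or after dstsize bytes,
 * whichever comes first, and zero-pads the remainder of dst. A non-zero
 * last byte therefore means src did not fit, terminator included.
 * Returns 0 on success, -1 on overflow (dst is then left empty, so a
 * truncated name is never used by mistake).
 */
int copy_checked(char *dst, size_t dstsize, const char *src)
{
    if (dstsize == 0)
        return -1;

    strncpy(dst, src, dstsize);
    if (dst[dstsize - 1] != '\0') {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    char prog[16];  /* constructed size, for illustration only */

    (void)argc;
    if (copy_checked(prog, sizeof prog, argv[0]) != 0) {
        /* Do not print argv[0] with %s here: it is the oversized input. */
        fprintf(stderr, "executable name does not fit in %zu bytes\n",
                sizeof prog);
        return 1;
    }
    printf("prog = %s\n", prog);
    return 0;
}
```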