warn against strcpy(3)

Mon, 03 Oct 2022 20:05:52 -0700 

Hello,

On macOS, the strcpy(3) manual page contains the
following "Admonishment" prominently displayed
immediately after the Synopsis:

YOU SHOULD ALMOST CERTAINLY USE strlcpy() INSTEAD.
See "Examples" below.

(Likewise for strcat(3).)

I find this a rather effective way of discouraging its
use especially for inexperienced programmers, who I
still see use these function in unsafe ways all too
often.

What do people think about adding this warning (see
attached diff)?

-Jan

Index: strcat.3
===================================================================
RCS file: /cvsroot/src/lib/libc/string/strcat.3,v
retrieving revision 1.16
diff -b -u -r1.16 strcat.3
--- strcat.3    16 Oct 2006 08:48:45 -0000      1.16
+++ strcat.3    4 Oct 2022 03:04:32 -0000
@@ -32,7 +32,7 @@
 .\"     from: @(#)strcat.3     8.1 (Berkeley) 6/4/93
 .\"    $NetBSD: strcat.3,v 1.16 2006/10/16 08:48:45 wiz Exp $
 .\"
-.Dd August 11, 2002
+.Dd October 03, 2022
 .Dt STRCAT 3
 .Os
 .Sh NAME
@@ -47,6 +47,17 @@
 .Fn strcat "char * restrict s" "const char * restrict append"
 .Ft char *
 .Fn strncat "char * restrict s" "const char * restrict append" "size_t count"
+.Sh ADMONISHMENT
+.Pp
+.ti +8
+.Pp
+YOU SHOULD ALMOST CERTAINLY USE
+.Fn strlcat
+INSTEAD.
+.Pp
+.Pp
+.ti +8
+See "Examples" below.
 .Sh DESCRIPTION
 The
 .Fn strcat
Index: strcpy.3
===================================================================
RCS file: /cvsroot/src/lib/libc/string/strcpy.3,v
retrieving revision 1.23
diff -b -u -r1.23 strcpy.3
--- strcpy.3    1 Apr 2015 20:18:17 -0000       1.23
+++ strcpy.3    4 Oct 2022 03:04:32 -0000
@@ -32,7 +32,7 @@
 .\"     from: @(#)strcpy.3     8.1 (Berkeley) 6/4/93
 .\"    $NetBSD: strcpy.3,v 1.23 2015/04/01 20:18:17 riastradh Exp $
 .\"
-.Dd April 1, 2015
+.Dd October 03, 2022
 .Dt STRCPY 3
 .Os
 .Sh NAME
@@ -53,6 +53,17 @@
 .Fn strcpy "char * restrict dst" "const char * restrict src"
 .Ft char *
 .Fn strncpy "char * restrict dst" "const char * restrict src" "size_t len"
+.Sh ADMONISHMENT
+.Pp
+.ti +8
+.Pp
+YOU SHOULD ALMOST CERTAINLY USE
+.Fn strlcpy
+INSTEAD.
+.Pp
+.Pp
+.ti +8
+See "Examples" below.
 .Sh DESCRIPTION
 The
 .Fn stpcpy

Reply via email to