Daniel Barkalow wrote:
> On Sat, 28 Apr 2007, Josh Triplett wrote:
>> Daniel Barkalow wrote:
>>> It was implemented in commit.c; move it with the other x memory functions.
>> [...]
>>> +static inline char *xstrndup(const char *str, int len)
>>> +{
>>> + char *ret = xmalloc(len + 1);
>>> + memcpy(ret, str, len);
>>> + ret[len] = '\0';
>>> + return ret;
>>> +}
>>> +
>> I don't know if it matters, but this definition of xstrndup, like the version
>> in commit.c, doesn't match the definition of strndup. strndup duplicates a
>> string, copying up to n characters or the length of the string. This xstrndup
>> always copies n characters, reading past the end of the string if it doesn't
>> have at least n characters.
>
> Good catch. Replacing the memcpy with strncpy solves this, right?
> (Potentially allocating a bit of extra memory if someone is actually using
> it on too short a string for some reason, of course).

That would work, but it seems bad to allocate excess memory. How about just
using strlen and setting len to that if shorter, before doing the xmalloc and
memcpy? Yes, that makes two passes over the string, but I don't see any way
around that.

I just checked the glibc source for strndup, and it does exactly the same
thing, except that it uses the glibc-specific function strnlen rather than
using strlen and figuring out the smaller of the two lengths. That probably
increases efficiency if we have a string longer than, but we can't portably
use strnlen, so we'd have to check for it; doesn't seem worth the trouble.

- Josh Triplett
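Review bot: in the quoted xstrndup hunk, memcpy(ret, str, len) copies len bytes unconditionally, so when str holds fewer than len characters the copy reads past its terminator; clamp len to the string's actual length before the xmalloc(len + 1) call. The parameter is also declared int len, so a negative value reaches both xmalloc(len + 1) and memcpy, where it is converted to a very large size; taking a size_t would rule that out.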
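The strlen-and-clamp approach proposed in the message above, next to a variant that bounds the scan itself, as an added example that is not code from the thread or from git. The names xmalloc_demo, xstrndup_strlen and xstrndup_bounded are hypothetical, xmalloc_demo is a stand-in for git's xmalloc, and the memchr variant goes beyond the thread by also handling a buffer that has no terminator within len bytes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for git's xmalloc (assumption): abort instead of returning NULL. */
static void *xmalloc_demo(size_t size)
{
	void *p = malloc(size);
	if (!p)
		abort();
	return p;
}

/* Variant from the thread: strlen, then clamp. Needs a NUL-terminated str. */
static char *xstrndup_strlen(const char *str, size_t len)
{
	size_t actual = strlen(str);
	if (actual < len)
		len = actual;
	char *ret = xmalloc_demo(len + 1);
	memcpy(ret, str, len);
	ret[len] = '\0';
	return ret;
}

/* Added variant: memchr stops at the first NUL or after len bytes,
 * so str is never read beyond len bytes, terminated or not. */
static char *xstrndup_bounded(const char *str, size_t len)
{
	const char *nul = memchr(str, '\0', len);
	size_t n = nul ? (size_t)(nul - str) : len;
	char *ret = xmalloc_demo(n + 1);
	memcpy(ret, str, n);
	ret[n] = '\0';
	return ret;
}

int main(void)
{
	const char raw[4] = { 'g', 'i', 't', '!' }; /* constructed, no NUL */
	char *a = xstrndup_strlen("abc", 10);       /* string shorter than len */
	char *b = xstrndup_bounded(raw, 3);         /* unterminated source */
	printf("%s %s\n", a, b);
	free(a);
	free(b);
	return 0;
}
```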