On 2007-05-21 16:36:16 +0200, Petr Baudis wrote:

> It's the opposite for me - we don't properly set the NUL byte for
> some of our strncpy() calls, but I don't really see his problem with
> snprintf(), we seem to handle its return value correctly everywhere
> (except diff.c, but there the buffer sizes should be designed in
> such a way that an overflow should be impossible).

I think this kind of detailed case-by-case analysis defeats Timo's
point, though: that the C library functions make it too easy to write
bugs. If it's necessary to do non-trivial bounds checking etc. at
every call site, it doesn't really matter if we currently do get them
all right; at some point, we _are_ going to miss one.

Instead of using our collective C-fu to get difficult calls right, we
should be using it to construct string routines that have low enough
overhead that it's lost in the noise, and are dead simple to use (and,
of course, that can be cleanly bypassed in the 1% of cases where it's
necessary).

-- 
Karl Hasselström, kha@xxxxxxxxxxx
      www.treskal.com/kalle
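The two call-site hazards discussed in this message, shown next to wrappers that make the check part of the routine. This is an added example, not code from git or from anyone in the thread; `strncpy_is_terminated`, `copy_str` and `fmt_str` are hypothetical names chosen for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Raw strncpy() into an 8-byte buffer; returns 1 if the result is NUL-terminated. */
int strncpy_is_terminated(const char *src)
{
    char buf[8];
    memset(buf, 'X', sizeof(buf));      /* stand-in for stale stack contents */
    strncpy(buf, src, sizeof(buf));     /* writes no NUL when strlen(src) >= 8 */
    return memchr(buf, '\0', sizeof(buf)) != NULL;
}

/* Hypothetical helper: copy, always terminate; 0 on success, -1 on truncation. */
int copy_str(char *dst, size_t dstsize, const char *src)
{
    size_t len = strlen(src);
    if (dstsize == 0)
        return -1;
    if (len >= dstsize) {
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Hypothetical helper: snprintf() with both failure modes (error, truncation)
 * folded into -1, so the caller has a single condition to test. */
int fmt_str(char *dst, size_t dstsize, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(dst, dstsize, fmt, ap);
    va_end(ap);
    return (n < 0 || (size_t)n >= dstsize) ? -1 : n;
}

int main(void)
{
    char buf[8];
    printf("strncpy terminated: %d\n", strncpy_is_terminated("12345678"));
    printf("copy_str: %d \"%s\"\n", copy_str(buf, sizeof(buf), "12345678"), buf);
    printf("fmt_str: %d \"%s\"\n", fmt_str(buf, sizeof(buf), "%s-%d", "ab", 7), buf);
    return 0;
}
```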