The strncpy() function is less horrible than strcpy(), but is still pretty easy to misuse because of its funny termination semantics. Namely, that if it truncates it omits the NUL terminator, and you must remember to add it yourself. Even if you use it correctly, it's sometimes hard for a reader to verify this without hunting through the code. If you're thinking about using it, consider instead: - strlcpy() if you really just need a truncated but NUL-terminated string (we provide a compat version, so it's always available) - xsnprintf() if you're sure that what you're copying should fit - strbuf or xstrfmt() if you need to handle arbitrary-length heap-allocated strings Note that there is one instance of strncpy in compat/regex/regcomp.c, which is fine (it allocates a sufficiently large string before copying). But this doesn't trigger the ban-list even when compiling with NO_REGEX=1, because: 1. we don't use git-compat-util.h when compiling it (instead we rely on the system includes from the upstream library); and 2. It's in an "#ifdef DEBUG" block Since it's doesn't trigger the banned.h code, we're better off leaving it to keep our divergence from upstream minimal. Signed-off-by: Jeff King <peff@xxxxxxxx> --- banned.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/banned.h b/banned.h index c83d6cb9df..ab96954583 100644 --- a/banned.h +++ b/banned.h @@ -14,6 +14,8 @@ #define strcpy(x,y) BANNED(strcpy) #undef strcat #define strcat(x,y) BANNED(strcat) +#undef strncpy +#define strncpy(x,y,n) BANNED(strncpy) #undef sprintf #undef vsprintf -- 2.18.0.542.g2bf2fc4f7e