On Wed, Jan 02, 2019 at 09:38:46AM +0000, Eric Wong wrote: > strncat() has the same quadratic behavior as strcat() and is > difficult-to-read and bug-prone. While it hasn't yet been a > problem in git iself, strncat() found it's way into 'master' > of cgit and caused segfaults on my system. I'm in favor of this. It doesn't have the "oops, I didn't NUL-terminate for you" problem that strncpy() has. But it actually has the opposite problem! It will always place a NUL, and you have to feed it sizeof(dst)-1 to avoid an overflow. So I think it's important for safety (though I'd be fine banning it on the quadratic grounds alone ;) ). -Peff
