"Reece Dunn" <msclrhd@xxxxxxxxxxxxxx> writes: > Why is it easier? If you have a fixed-size buffer, why not use > strncpy, which is what a safe string API is essentially doing anyway? I would not claim unchecked strcpy is good -- we obviously would want to fix them. But at the same time use of strncpy, strlcpy and friends solves only half of the problem. Often people say "use strncpy or strlcpy then you would not overstep the buffer", but that does not really solve anything, without additional logic to deal with resulting truncation (barfing with "insanely long string" error message and dying is the least impact). Continuing the work on data that the user did not intend to give you is just as wrong as using corrupt data that overflowed your static buffer. Does Timo's nonstandard API solve that issue? Perhaps it does, perhaps not. Does it make easier to maintain our code? I highly doubt it in the current shape. It is well and widely understood idiom to use strlcpy to a fixed-sized buffer and checking the resulting length to make sure the result would not have overflowed (and if it would have, issue an error and die). I would not have anything against a set of patches to follow such a pattern. But a patch to add a non-standard API that nobody else uses, without any patch to show the changes to a few places that could use the API to demonstrate that the use of API vastly cleans the code up and makes it infinitely harder to make mistakes? The API needs to justify itself to convince the people who needs to learn and adjust to that the benefit far outweighes deviation from better known patterns, and I do not see that happening in Timo's patch. - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
