Re: Buffer overflows


 



On Thu, Aug 30, 2007 at 10:14:04PM +0000, Junio C Hamano wrote:
> "Reece Dunn" <msclrhd@xxxxxxxxxxxxxx> writes:
> 
> > Why is it easier? If you have a fixed-size buffer, why not use
> > strncpy, which is what a safe string API is essentially doing anyway?
> 
> I would not claim unchecked strcpy is good -- we obviously would
> want to fix them.
> 
> But at the same time use of strncpy, strlcpy and friends solves
> only half of the problem.

  Actually, strncpy solves nothing as it's completely broken in so many
ways: it does not necessarily end the string with a NUL-char, and it
NUL-pads the buffer, making it really slow when you use it to copy 10
chars in a BUFSIZ-big buffer.

  strncpy should never ever be used, few programmers understand it, and
it's very error prone.

-- 
·O·  Pierre Habouzit
··O                                                madcoder@xxxxxxxxxx
OOO                                                http://www.madism.org
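
Added example, not part of the original message or of git's code: a C program that measures the two strncpy behaviours described above (no terminator when the source fills the buffer, and NUL-padding of the whole buffer). The `copy_checked` helper, the `FILL` sentinel and the sample string are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#define FILL 0xAA   /* sentinel marking bytes strncpy has not touched */

/* Returns 1 if the first n bytes hold a NUL after strncpy(buf, src, n). */
int strncpy_terminated(const char *src, size_t n)
{
    char buf[BUFSIZ];
    if (n > sizeof buf) n = sizeof buf;
    memset(buf, FILL, sizeof buf);
    strncpy(buf, src, n);
    return memchr(buf, '\0', n) != NULL;
}

/* Counts the bytes strncpy stored: always n, never just strlen(src)+1. */
size_t strncpy_bytes_written(const char *src, size_t n)
{
    unsigned char buf[BUFSIZ];
    size_t i, written = 0;
    if (n > sizeof buf) n = sizeof buf;
    memset(buf, FILL, sizeof buf);
    strncpy((char *)buf, src, n);
    for (i = 0; i < sizeof buf; i++)
        if (buf[i] != FILL) written++;
    return written;
}

/* Hypothetical bounded copy: always terminates, returns -1 on truncation. */
int copy_checked(char *dst, size_t dstsize, const char *src)
{
    size_t len = 0;
    if (dstsize == 0) return -1;
    while (len < dstsize && src[len] != '\0') len++;
    if (len == dstsize) {            /* src plus its NUL does not fit */
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

int main(void)
{
    char small[8];
    int rc = copy_checked(small, sizeof small, "0123456789"); /* constructed input */
    printf("NUL within 8 bytes: %d, bytes stored: %zu\n",
           strncpy_terminated("0123456789", 8), strncpy_bytes_written("0123456789", BUFSIZ));
    printf("copy_checked: rc=%d dst=\"%s\"\n", rc, small);
    return 0;
}
```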


