(adding Chris Metcalf) On Tue, 2019-07-23 at 15:41 +0000, David Laight wrote: > From: Rasmus Villemoes > > Sent: 23 July 2019 07:56 > ... > > > +/** > > > + * stracpy - Copy a C-string into an array of char > > > + * @to: Where to copy the string, must be an array of char and not a pointer > > > + * @from: String to copy, may be a pointer or const char array > > > + * > > > + * Helper for strscpy. > > > + * Copies a maximum of sizeof(@to) bytes of @from with %NUL termination. > > > + * > > > + * Returns: > > > + * * The number of characters copied (not including the trailing %NUL) > > > + * * -E2BIG if @to is a zero size array. > > > > Well, yes, but more importantly and generally: -E2BIG if the copy > > including %NUL didn't fit. [The zero size array thing could be made into > > a build bug for these stra* variants if one thinks that might actually > > occur in real code.] > > Probably better is to return the size of the destination if the copy didn't fit > (zero if the buffer is zero length). > This allows code to do repeated: > offset += str*cpy(buf + offset, src, sizeof buf - offset); > and do a final check for overflow after all the copies. > > The same is true for a snprintf()like function Chris? You added this function. Do you have an opinion here?