Paul Eggert wrote:
> @@ -48,7 +48,8 @@ get_locale_dependent_values (struct locale_dependent_values
> *result)
> snprintf (result->numeric, sizeof (result->numeric),
> "%g", 3.5);
> /* result->numeric is usually "3,5" */
> - strcpy (result->time, nl_langinfo (MON_1));
> + strncpy (result->time, nl_langinfo (MON_1), sizeof result->time - 1);
> + result->time[sizeof result->time - 1] = '\0';
> /* result->time is usually "janvier" */
> }
>
This change has replaced code with 1 drawback
- The string copy may overrun the buffer.
by code with 3 drawbacks
- The string copy may be silently truncated.
- The code needs 2 lines, instead of 1 line.
- In the common cases, the large result buffer gets needlessly filled
with NULs.
I think the best way to deal with this situation is the function 'strlcpy':
ASSERT (strlcpy (result->time, nl_langinfo (MON_1), sizeof result->time) <
sizeof result->time);
This way,
- The string copy will not overrun the buffer.
- The string copy will always be NUL-terminated.
- Silent truncation does not occur.
- The code fits in one line.
- The code is not needlessly inefficient.
Here's a proposal to add 'strlcpy' to gnulib.
Yes, I have read the relevant documentation:
https://www.freebsd.org/cgi/man.cgi?query=strlcpy&sektion=3
and the discussions:
https://www.sourceware.org/ml/libc-alpha/2000-08/msg00052.html
https://lwn.net/Articles/612244/
https://sourceware.org/ml/libc-alpha/2014-09/msg00350.html
https://sourceware.org/glibc/wiki/strlcpy
The major argument against strlcpy is that it is not fool-proof:
If the caller ignores the return value, silent truncation can occur.
To prevent this, the proposed patch declares strlcpy with
__attribute__((__warn_unused_result__)) on all platforms.
Bruno
>From dc4a8d880cb3be138b96b682ae57a10259a67ba4 Mon Sep 17 00:00:00 2001
From: Bruno Haible <br...@clisp.org>
Date: Thu, 28 Sep 2017 00:30:05 +0200
Subject: [PATCH 1/2] New module 'strlcpy'.
* lib/string.in.h (_GL_ATTRIBUTE_RETURN_CHECK): New macro.
(strlcpy): New declaration.
* lib/strlcpy.c: New file.
* m4/strlcpy.m4: New file.
* modules/strlcpy: New file.
* m4/string_h.m4 (gl_HEADER_STRING_H_BODY): Test whether strlcpy is
declared.
(gl_HEADER_STRING_H_DEFAULTS): Initialize GNULIB_STRLCPY, HAVE_STRLCPY,
REPLACE_STRLCPY.
* modules/string (Makefile.am): Substitite GNULIB_STRLCPY, HAVE_STRLCPY,
REPLACE_STRLCPY.
* doc/gnulib.texi (BSD Function Substitutes): New chapter.
* doc/bsd-functions/strlcpy.texi: New file.
---
ChangeLog | 17 +++++++++++++
doc/bsd-functions/strlcpy.texi | 18 +++++++++++++
doc/gnulib.texi | 27 ++++++++++++++++++++
lib/string.in.h | 46 ++++++++++++++++++++++++++++++++++
lib/strlcpy.c | 57 ++++++++++++++++++++++++++++++++++++++++++
m4/string_h.m4 | 17 +++++++------
m4/strlcpy.m4 | 22 ++++++++++++++++
modules/string | 15 ++++++-----
modules/strlcpy | 26 +++++++++++++++++++
9 files changed, 232 insertions(+), 13 deletions(-)
create mode 100644 doc/bsd-functions/strlcpy.texi
create mode 100644 lib/strlcpy.c
create mode 100644 m4/strlcpy.m4
create mode 100644 modules/strlcpy
diff --git a/ChangeLog b/ChangeLog
index 8a9bbe6..c005f1c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,20 @@
+2017-09-27 Bruno Haible <br...@clisp.org>
+
+ New module 'strlcpy'.
+ * lib/string.in.h (_GL_ATTRIBUTE_RETURN_CHECK): New macro.
+ (strlcpy): New declaration.
+ * lib/strlcpy.c: New file.
+ * m4/strlcpy.m4: New file.
+ * modules/strlcpy: New file.
+ * m4/string_h.m4 (gl_HEADER_STRING_H_BODY): Test whether strlcpy is
+ declared.
+ (gl_HEADER_STRING_H_DEFAULTS): Initialize GNULIB_STRLCPY, HAVE_STRLCPY,
+ REPLACE_STRLCPY.
+ * modules/string (Makefile.am): Substitite GNULIB_STRLCPY, HAVE_STRLCPY,
+ REPLACE_STRLCPY.
+ * doc/gnulib.texi (BSD Function Substitutes): New chapter.
+ * doc/bsd-functions/strlcpy.texi: New file.
+
2017-09-26 Bruno Haible <br...@clisp.org>
uniname/uniname-tests: Tighten code.
diff --git a/doc/bsd-functions/strlcpy.texi b/doc/bsd-functions/strlcpy.texi
new file mode 100644
index 0000000..5ce05dc
--- /dev/null
+++ b/doc/bsd-functions/strlcpy.texi
@@ -0,0 +1,18 @@
+@node strlcpy
+@subsection @code{strlcpy}
+@findex strlcpy
+
+Gnulib module: strlcpy
+
+Portability problems fixed by Gnulib:
+@itemize
+@item
+This function is missing on some platforms:
+glibc 2.24, AIX 5.1, HP-UX 11, OSF/1 5.1, mingw, MSVC 14, BeOS.
+@item
+Ignoring the return value of this function does not produce a warning.
+@end itemize
+
+Portability problems not fixed by Gnulib:
+@itemize
+@end itemize
diff --git a/doc/gnulib.texi b/doc/gnulib.texi
index 1468c14..6a52787 100644
--- a/doc/gnulib.texi
+++ b/doc/gnulib.texi
@@ -69,6 +69,7 @@ Documentation License''.
* Legacy Function Substitutes:: Replacing system functions.
* Glibc Header File Substitutes:: Overriding system headers.
* Glibc Function Substitutes:: Replacing system functions.
+* BSD Function Substitutes:: Replacing system functions.
* Native Windows Support:: Support for the native Windows platforms.
* Particular Modules:: Documentation of individual modules.
* Regular expressions:: The regex module.
@@ -6306,6 +6307,32 @@ This list of functions is sorted according to the header that declares them.
@c @section Glibc Extensions to @code{<wordexp.h>}
+@node BSD Function Substitutes
+@chapter BSD Function Substitutes
+
+This chapter describes which functions and function-like macros provided
+as extensions by the common BSD systems (FreeBSD, NetBSD, OpenBSD) are
+also supported by Gnulib, which portability pitfalls are fixed by Gnulib,
+and which (known) portability problems are not worked around by Gnulib.
+
+@nosuchmodulenote function
+
+This list of functions is sorted according to the header that declares them.
+
+@menu
+* BSD string.h::
+@end menu
+
+@node BSD string.h
+@section BSD Extensions to @code{<string.h>}
+
+@menu
+* strlcpy::
+@end menu
+
+@include bsd-functions/strlcpy.texi
+
+
@node Native Windows Support
@chapter Native Windows Support
diff --git a/lib/string.in.h b/lib/string.in.h
index eb5be69..e7d6f4b 100644
--- a/lib/string.in.h
+++ b/lib/string.in.h
@@ -60,6 +60,16 @@
# define _GL_ATTRIBUTE_PURE /* empty */
#endif
+/* Declares that the return value of a function should not be ignored by the
+ caller. The warn_unused_result attribute appeared first in gcc-3.4.0. */
+#ifndef _GL_ATTRIBUTE_RETURN_CHECK
+# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)
+# define _GL_ATTRIBUTE_RETURN_CHECK __attribute__((__warn_unused_result__))
+# else
+# define _GL_ATTRIBUTE_RETURN_CHECK
+# endif
+#endif
+
/* NetBSD 5.0 declares strsignal in <unistd.h>, not in <string.h>. */
/* But in any case avoid namespace pollution on glibc systems. */
#if (@GNULIB_STRSIGNAL@ || defined GNULIB_POSIXCHECK) && defined __NetBSD__ \
@@ -1041,6 +1051,42 @@ _GL_WARN_ON_USE (strsignal, "strsignal is unportable - "
# endif
#endif
+/* Copies the string SRC, possibly truncated, into the bounded memory area
+ [DST,...,DST+DSTSIZE-1]. Returns strlen (SRC).
+ The result is truncated if and only if the return value is >= DSTSIZE.
+ The result is truncated without NUL terminator if and only if DSTSIZE == 0.
+ */
+#if @GNULIB_STRLCPY@
+# if @REPLACE_STRLCPY@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef strlcpy
+# define strlcpy rpl_strlcpy
+# endif
+_GL_FUNCDECL_RPL (strlcpy, size_t,
+ (char *__dst, const char *__src, size_t __dstsize)
+ _GL_ARG_NONNULL ((1, 2))
+ _GL_ATTRIBUTE_RETURN_CHECK);
+_GL_CXXALIAS_RPL (strlcpy, size_t,
+ (char *__dst, const char *__src, size_t __dstsize));
+# else
+# if !@HAVE_STRLCPY@
+_GL_FUNCDECL_SYS (strlcpy, size_t,
+ (char *__dst, const char *__src, size_t __dstsize)
+ _GL_ARG_NONNULL ((1, 2))
+ _GL_ATTRIBUTE_RETURN_CHECK);
+# endif
+_GL_CXXALIAS_SYS (strlcpy, size_t,
+ (char *__dst, const char *__src, size_t __dstsize));
+# endif
+_GL_CXXALIASWARN (strlcpy);
+#elif defined GNULIB_POSIXCHECK
+# undef strndup
+# if HAVE_RAW_DECL_STRLCPY
+_GL_WARN_ON_USE (strlcpy, "strlcpy is unportable - "
+ "use gnulib module strlcpy for portability");
+# endif
+#endif
+
#if @GNULIB_STRVERSCMP@
# if !@HAVE_STRVERSCMP@
_GL_FUNCDECL_SYS (strverscmp, int, (const char *, const char *)
diff --git a/lib/strlcpy.c b/lib/strlcpy.c
new file mode 100644
index 0000000..e6cb133
--- /dev/null
+++ b/lib/strlcpy.c
@@ -0,0 +1,57 @@
+/* Copy a string into a bounded memory area.
+ Copyright (C) 2017 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>. */
+
+/* Written by Bruno Haible <br...@clisp.org>, 2017. */
+
+#include <config.h>
+
+/* Specification. */
+#include <string.h>
+
+/* Copies the string SRC, possibly truncated, into the bounded memory area
+ [DST,...,DST+DSTSIZE-1]. Returns strlen (SRC).
+ The result is truncated if and only if the return value is >= DSTSIZE.
+ The result is truncated without NUL terminator if and only if DSTSIZE == 0.
+ */
+size_t
+strlcpy (char *dst, const char *src, size_t dstsize)
+#undef strlcpy
+{
+ /* The implementation in dietlibc is broken, says
+ <https://sourceware.org/glibc/wiki/strlcpy>. */
+#if HAVE_STRLCPY && !defined __dietlibc__
+ return strlcpy (dst, src, dstsize);
+#else
+ if (dstsize > 0)
+ {
+ /* This implementation makes only one pass through SRC, for cache
+ efficiency. */
+ char *p = dst;
+ while (--dstsize > 0)
+ {
+ char c = *src++;
+ *p = c;
+ if (c == '\0')
+ return p - dst;
+ p++;
+ }
+ *p = '\0';
+ return (p - dst) + strlen (src);
+ }
+ else
+ return strlen (src);
+#endif
+}
diff --git a/m4/string_h.m4 b/m4/string_h.m4
index ac6311f..b8f68ce 100644
--- a/m4/string_h.m4
+++ b/m4/string_h.m4
@@ -5,7 +5,7 @@
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
-# serial 21
+# serial 22
# Written by Paul Eggert.
@@ -29,7 +29,7 @@ AC_DEFUN([gl_HEADER_STRING_H_BODY],
]],
[ffsl ffsll memmem mempcpy memrchr rawmemchr stpcpy stpncpy strchrnul
strdup strncat strndup strnlen strpbrk strsep strcasestr strtok_r
- strerror_r strsignal strverscmp])
+ strerror_r strsignal strlcpy strverscmp])
])
AC_DEFUN([gl_STRING_MODULE_INDICATOR],
@@ -80,6 +80,7 @@ AC_DEFUN([gl_HEADER_STRING_H_DEFAULTS],
GNULIB_STRERROR=0; AC_SUBST([GNULIB_STRERROR])
GNULIB_STRERROR_R=0; AC_SUBST([GNULIB_STRERROR_R])
GNULIB_STRSIGNAL=0; AC_SUBST([GNULIB_STRSIGNAL])
+ GNULIB_STRLCPY=0; AC_SUBST([GNULIB_STRLCPY])
GNULIB_STRVERSCMP=0; AC_SUBST([GNULIB_STRVERSCMP])
HAVE_MBSLEN=0; AC_SUBST([HAVE_MBSLEN])
dnl Assume proper GNU behavior unless another module says otherwise.
@@ -103,20 +104,22 @@ AC_DEFUN([gl_HEADER_STRING_H_DEFAULTS],
HAVE_DECL_STRTOK_R=1; AC_SUBST([HAVE_DECL_STRTOK_R])
HAVE_DECL_STRERROR_R=1; AC_SUBST([HAVE_DECL_STRERROR_R])
HAVE_DECL_STRSIGNAL=1; AC_SUBST([HAVE_DECL_STRSIGNAL])
+ HAVE_STRLCPY=1; AC_SUBST([HAVE_STRLCPY])
HAVE_STRVERSCMP=1; AC_SUBST([HAVE_STRVERSCMP])
REPLACE_MEMCHR=0; AC_SUBST([REPLACE_MEMCHR])
REPLACE_MEMMEM=0; AC_SUBST([REPLACE_MEMMEM])
REPLACE_STPNCPY=0; AC_SUBST([REPLACE_STPNCPY])
+ REPLACE_STRCHRNUL=0; AC_SUBST([REPLACE_STRCHRNUL])
REPLACE_STRDUP=0; AC_SUBST([REPLACE_STRDUP])
+ REPLACE_STRNCAT=0; AC_SUBST([REPLACE_STRNCAT])
+ REPLACE_STRNDUP=0; AC_SUBST([REPLACE_STRNDUP])
+ REPLACE_STRNLEN=0; AC_SUBST([REPLACE_STRNLEN])
REPLACE_STRSTR=0; AC_SUBST([REPLACE_STRSTR])
REPLACE_STRCASESTR=0; AC_SUBST([REPLACE_STRCASESTR])
- REPLACE_STRCHRNUL=0; AC_SUBST([REPLACE_STRCHRNUL])
+ REPLACE_STRTOK_R=0; AC_SUBST([REPLACE_STRTOK_R])
REPLACE_STRERROR=0; AC_SUBST([REPLACE_STRERROR])
REPLACE_STRERROR_R=0; AC_SUBST([REPLACE_STRERROR_R])
- REPLACE_STRNCAT=0; AC_SUBST([REPLACE_STRNCAT])
- REPLACE_STRNDUP=0; AC_SUBST([REPLACE_STRNDUP])
- REPLACE_STRNLEN=0; AC_SUBST([REPLACE_STRNLEN])
REPLACE_STRSIGNAL=0; AC_SUBST([REPLACE_STRSIGNAL])
- REPLACE_STRTOK_R=0; AC_SUBST([REPLACE_STRTOK_R])
+ REPLACE_STRLCPY=0; AC_SUBST([REPLACE_STRLCPY])
UNDEFINE_STRTOK_R=0; AC_SUBST([UNDEFINE_STRTOK_R])
])
diff --git a/m4/strlcpy.m4 b/m4/strlcpy.m4
new file mode 100644
index 0000000..68eaf48
--- /dev/null
+++ b/m4/strlcpy.m4
@@ -0,0 +1,22 @@
+# strlcpy.m4 serial 1
+dnl Copyright (C) 2017 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_FUNC_STRLCPY],
+[
+ AC_REQUIRE([gl_HEADER_STRING_H_DEFAULTS])
+
+ AC_CHECK_FUNCS_ONCE([strlcpy])
+ if test $ac_cv_func_strlcpy = yes; then
+ dnl The system's <string.h> declares the function without
+ dnl __attribute__((__warn_unused_result__)). Therefore override it.
+ REPLACE_STRLCPY=1
+ else
+ HAVE_STRLCPY=0
+ fi
+])
+
+# Prerequisites of lib/strlcpy.c.
+AC_DEFUN([gl_PREREQ_STRLCPY], [:])
diff --git a/modules/string b/modules/string
index 8a07da5..daa079b 100644
--- a/modules/string
+++ b/modules/string
@@ -67,6 +67,7 @@ string.h: string.in.h $(top_builddir)/config.status $(CXXDEFS_H) $(ARG_NONNULL_H
-e 's/@''GNULIB_STRERROR''@/$(GNULIB_STRERROR)/g' \
-e 's/@''GNULIB_STRERROR_R''@/$(GNULIB_STRERROR_R)/g' \
-e 's/@''GNULIB_STRSIGNAL''@/$(GNULIB_STRSIGNAL)/g' \
+ -e 's/@''GNULIB_STRLCPY''@/$(GNULIB_STRLCPY)/g' \
-e 's/@''GNULIB_STRVERSCMP''@/$(GNULIB_STRVERSCMP)/g' \
< $(srcdir)/string.in.h | \
sed -e 's|@''HAVE_EXPLICIT_BZERO''@|$(HAVE_EXPLICIT_BZERO)|g' \
@@ -90,21 +91,23 @@ string.h: string.in.h $(top_builddir)/config.status $(CXXDEFS_H) $(ARG_NONNULL_H
-e 's|@''HAVE_DECL_STRTOK_R''@|$(HAVE_DECL_STRTOK_R)|g' \
-e 's|@''HAVE_DECL_STRERROR_R''@|$(HAVE_DECL_STRERROR_R)|g' \
-e 's|@''HAVE_DECL_STRSIGNAL''@|$(HAVE_DECL_STRSIGNAL)|g' \
+ -e 's|@''HAVE_STRLCPY''@|$(HAVE_STRLCPY)|g' \
-e 's|@''HAVE_STRVERSCMP''@|$(HAVE_STRVERSCMP)|g' \
- -e 's|@''REPLACE_STPNCPY''@|$(REPLACE_STPNCPY)|g' \
-e 's|@''REPLACE_MEMCHR''@|$(REPLACE_MEMCHR)|g' \
-e 's|@''REPLACE_MEMMEM''@|$(REPLACE_MEMMEM)|g' \
- -e 's|@''REPLACE_STRCASESTR''@|$(REPLACE_STRCASESTR)|g' \
+ -e 's|@''REPLACE_STPNCPY''@|$(REPLACE_STPNCPY)|g' \
-e 's|@''REPLACE_STRCHRNUL''@|$(REPLACE_STRCHRNUL)|g' \
-e 's|@''REPLACE_STRDUP''@|$(REPLACE_STRDUP)|g' \
- -e 's|@''REPLACE_STRSTR''@|$(REPLACE_STRSTR)|g' \
- -e 's|@''REPLACE_STRERROR''@|$(REPLACE_STRERROR)|g' \
- -e 's|@''REPLACE_STRERROR_R''@|$(REPLACE_STRERROR_R)|g' \
-e 's|@''REPLACE_STRNCAT''@|$(REPLACE_STRNCAT)|g' \
-e 's|@''REPLACE_STRNDUP''@|$(REPLACE_STRNDUP)|g' \
-e 's|@''REPLACE_STRNLEN''@|$(REPLACE_STRNLEN)|g' \
- -e 's|@''REPLACE_STRSIGNAL''@|$(REPLACE_STRSIGNAL)|g' \
+ -e 's|@''REPLACE_STRSTR''@|$(REPLACE_STRSTR)|g' \
+ -e 's|@''REPLACE_STRCASESTR''@|$(REPLACE_STRCASESTR)|g' \
-e 's|@''REPLACE_STRTOK_R''@|$(REPLACE_STRTOK_R)|g' \
+ -e 's|@''REPLACE_STRERROR''@|$(REPLACE_STRERROR)|g' \
+ -e 's|@''REPLACE_STRERROR_R''@|$(REPLACE_STRERROR_R)|g' \
+ -e 's|@''REPLACE_STRSIGNAL''@|$(REPLACE_STRSIGNAL)|g' \
+ -e 's|@''REPLACE_STRLCPY''@|$(REPLACE_STRLCPY)|g' \
-e 's|@''UNDEFINE_STRTOK_R''@|$(UNDEFINE_STRTOK_R)|g' \
-e '/definitions of _GL_FUNCDECL_RPL/r $(CXXDEFS_H)' \
-e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \
diff --git a/modules/strlcpy b/modules/strlcpy
new file mode 100644
index 0000000..f12d8d6
--- /dev/null
+++ b/modules/strlcpy
@@ -0,0 +1,26 @@
+Description:
+strlcpy() function: copy a string into a bounded memory area.
+
+Files:
+lib/strlcpy.c
+m4/strlcpy.m4
+
+Depends-on:
+string
+
+configure.ac:
+gl_FUNC_STRLCPY
+gl_PREREQ_STRLCPY
+gl_STRING_MODULE_INDICATOR([strlcpy])
+
+Makefile.am:
+lib_SOURCES += strlcpy.c
+
+Include:
+<string.h>
+
+License:
+LGPLv2+
+
+Maintainer:
+all
--
2.7.4
From 8e0c10ee607cfea17167fbcd540b18d7f23d9fec Mon Sep 17 00:00:00 2001
From: Bruno Haible <br...@clisp.org>
Date: Thu, 28 Sep 2017 00:31:04 +0200
Subject: [PATCH 2/2] Tests for module 'strlcpy'.
* tests/test-strlcpy.c: New file, based on tests/unistr/test-strncpy.h.
* modules/strlcpy-tests: New file.
* tests/test-string-c++.cc: Check the signature of strlcpy.
---
ChangeLog | 5 ++
modules/strlcpy-tests | 19 ++++++++
tests/test-string-c++.cc | 5 ++
tests/test-strlcpy.c | 117 +++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 146 insertions(+)
create mode 100644 modules/strlcpy-tests
create mode 100644 tests/test-strlcpy.c
diff --git a/ChangeLog b/ChangeLog
index c005f1c..8fa21e8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
2017-09-27 Bruno Haible <br...@clisp.org>
+ Tests for module 'strlcpy'.
+ * tests/test-strlcpy.c: New file, based on tests/unistr/test-strncpy.h.
+ * modules/strlcpy-tests: New file.
+ * tests/test-string-c++.cc: Check the signature of strlcpy.
+
New module 'strlcpy'.
* lib/string.in.h (_GL_ATTRIBUTE_RETURN_CHECK): New macro.
(strlcpy): New declaration.
diff --git a/modules/strlcpy-tests b/modules/strlcpy-tests
new file mode 100644
index 0000000..fab82e2
--- /dev/null
+++ b/modules/strlcpy-tests
@@ -0,0 +1,19 @@
+Files:
+tests/test-strlcpy.c
+tests/zerosize-ptr.h
+tests/macros.h
+m4/mmap-anon.m4
+
+Depends-on:
+extensions
+getpagesize
+
+configure.ac:
+gl_FUNC_MMAP_ANON
+AC_CHECK_HEADERS_ONCE([sys/mman.h])
+AC_CHECK_FUNCS_ONCE([mprotect])
+
+Makefile.am:
+TESTS += test-strlcpy
+check_PROGRAMS += test-strlcpy
+test_strlcpy_SOURCES = test-strlcpy.c
diff --git a/tests/test-string-c++.cc b/tests/test-string-c++.cc
index 877cf68..c3df903 100644
--- a/tests/test-string-c++.cc
+++ b/tests/test-string-c++.cc
@@ -142,6 +142,11 @@ SIGNATURE_CHECK (GNULIB_NAMESPACE::strerror_r, int, (int, char *, size_t));
SIGNATURE_CHECK (GNULIB_NAMESPACE::strsignal, char *, (int));
#endif
+#if GNULIB_TEST_STRLCPY
+SIGNATURE_CHECK (GNULIB_NAMESPACE::strlcpy, size_t,
+ (char *, const char *, size_t));
+#endif
+
#if GNULIB_TEST_STRVERSCMP
SIGNATURE_CHECK (GNULIB_NAMESPACE::strverscmp, int,
(const char *, const char *));
diff --git a/tests/test-strlcpy.c b/tests/test-strlcpy.c
new file mode 100644
index 0000000..9d5eee9
--- /dev/null
+++ b/tests/test-strlcpy.c
@@ -0,0 +1,117 @@
+/* Tests of strlcpy().
+ Copyright (C) 2010-2017 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>. */
+
+/* Written by Bruno Haible <br...@clisp.org>. */
+
+#include <config.h>
+
+#include <string.h>
+
+#include "signature.h"
+SIGNATURE_CHECK (strlcpy, size_t, (char *, const char *, size_t));
+
+#include <stdlib.h>
+
+#include "zerosize-ptr.h"
+#include "macros.h"
+
+#define MAGIC (char)0xBA
+
+static void
+check_single (const char *input, size_t length, size_t n)
+{
+ char *dest;
+ size_t result;
+ size_t i;
+
+ dest = (char *) malloc (1 + n + 1);
+ ASSERT (dest != NULL);
+
+ for (i = 0; i < 1 + n + 1; i++)
+ dest[i] = MAGIC;
+
+ result = strlcpy (dest + 1, input, n);
+ ASSERT (result == length);
+
+ ASSERT (dest[0] == MAGIC);
+ i = 0;
+ if (n > 0)
+ {
+ for (; i < (n <= length ? n - 1 : length); i++)
+ ASSERT (dest[1 + i] == input[i]);
+ ASSERT (dest[1 + i] == '\0');
+ i++;
+ }
+ for (; i < n + 1; i++)
+ ASSERT (dest[1 + i] == MAGIC);
+
+ free (dest);
+}
+
+static void
+check (const char *input, size_t input_length)
+{
+ size_t length;
+ size_t n;
+
+ ASSERT (input_length > 0);
+ ASSERT (input[input_length - 1] == 0);
+ length = input_length - 1; /* = strlen (input) */
+
+ for (n = 0; n <= 2 * length + 2; n++)
+ check_single (input, length, n);
+
+ /* Check that strlcpy (D, S, N) does not look at more than
+ strlen (S) + 1 bytes. */
+ {
+ char *page_boundary = (char *) zerosize_ptr ();
+
+ if (page_boundary != NULL)
+ {
+ size_t bytes_to_copy = length + 1;
+ char *copy;
+ size_t i;
+
+ copy = (char *) page_boundary - bytes_to_copy;
+ for (i = 0; i < bytes_to_copy; i++)
+ copy[i] = input[i];
+
+ for (n = 0; n <= 2 * length + 2; n++)
+ check_single (copy, length, n);
+ }
+ }
+}
+
+int
+main ()
+{
+ /* Simple string. */
+ { /* "Grüß Gott. Здравствуйте! x=(-b±sqrt(b²-4ac))/(2a) 日本語,中文,한글" */
+ static const char input[] =
+ { 'G', 'r', 0xC3, 0xBC, 0xC3, 0x9F, ' ', 'G', 'o', 't', 't', '.', ' ',
+ 0xD0, 0x97, 0xD0, 0xB4, 0xD1, 0x80, 0xD0, 0xB0, 0xD0, 0xB2, 0xD1, 0x81,
+ 0xD1, 0x82, 0xD0, 0xB2, 0xD1, 0x83, 0xD0, 0xB9, 0xD1, 0x82, 0xD0, 0xB5,
+ '!', ' ', 'x', '=', '(', '-', 'b', 0xC2, 0xB1, 's', 'q', 'r', 't', '(',
+ 'b', 0xC2, 0xB2, '-', '4', 'a', 'c', ')', ')', '/', '(', '2', 'a', ')',
+ ' ', ' ', 0xE6, 0x97, 0xA5, 0xE6, 0x9C, 0xAC, 0xE8, 0xAA, 0x9E, ',',
+ 0xE4, 0xB8, 0xAD, 0xE6, 0x96, 0x87, ',',
+ 0xED, 0x95, 0x9C, 0xEA, 0xB8, 0x80, '\0'
+ };
+ check (input, SIZEOF (input));
+ }
+
+ return 0;
+}
--
2.7.4
