On Tuesday 19 May 2015 22:24:27 Light, John J wrote:
> It is gratifying to see more use of length protected string copies, but is
> important that they be done properly.
>
> I don't see any
>
> strcpy(to, from);
>
> but I do see more than one
>
> strncpy(to, from, strlen(from));
>
> and
>
> strncpy(to, from, sizeof (from));
>
> Both of these are equivalent to strcpy, and should be avoided.
>
> It is critical that the third argument of strncpy be the amount of storage
> in the first argument (the destination).
Thanks for the tip John
To everyone: please read your warnings. I've caught code doing something
similar but not realising that the destination was a pointer, not an array.
memset(to, '\0', sizeof(to));
does not work for "char *to".
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
