> 
> David Friedman <[EMAIL PROTECTED]> wrote:
>       I encountered a problem very much similar to this when checking some
>       code that made extensive use of this macro:
>       
>       #define newstr(s)\
>               strcpy(malloc(strlen(s) + 1), s)
>       
>       every time it used that macro it raised a "-boundswrite" warning
>       since it thought the src buffer could get overflowed.
> 
> Urk.  This code is of course broken.  (Why, oh WHY, didn't ANSI bless
> "strdup"?)  malloc() can fail, returning a NULL pointer, and then this
> code *will* crash or scribble on memory incorrectly.

Actually, that's what the original code was; I inadvertently
changed it to malloc before posting it.


> 
> The best solution is to write your own void *xmalloc(size_t) function
> which abort()s or exit()s if memory runs out, and make sure that SPLint
> knows that it always returns a long enough block.
> 

This was actually from Sendmail's source code, so hopefully
that is not broken :-)

David 
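
The xmalloc approach suggested in the quoted reply, sketched as an added example that is not part of the original thread or of Sendmail's source: `xmalloc` aborts instead of returning NULL, and `newstr` becomes a function built on it. The function bodies and the Splint annotation comments are assumptions for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Allocate `size` bytes or terminate the process; never returns NULL.
 * The annotation comments are an assumed spelling in the style of Splint's
 * buffer-size clauses: result is non-null, owned by the caller, and
 * writable up to index size - 1. The C compiler ignores them. */
/*@notnull@*/ /*@only@*/ /*@out@*/
void *xmalloc(size_t size)
    /*@ensures maxSet(result) >= (size - 1); @*/
{
    void *p;

    if (size == 0)
        size = 1;               /* malloc(0) may legitimately return NULL */
    p = malloc(size);
    if (p == NULL) {
        fprintf(stderr, "xmalloc: out of memory (%lu bytes)\n",
                (unsigned long)size);
        abort();                /* fail loudly instead of writing through NULL */
    }
    return p;
}

/* Function replacement for the newstr(s) macro. Unlike the macro, it
 * evaluates its argument once and never passes NULL to the copy. */
/*@notnull@*/ /*@only@*/
char *newstr(const char *s)
{
    size_t len = strlen(s);
    char *copy = xmalloc(len + 1);  /* room for the terminating NUL */

    memcpy(copy, s, len + 1);       /* length already known; copies the NUL */
    return copy;
}

int main(void)
{
    char *copy = newstr("constructed sample string");

    puts(copy);
    free(copy);
    return 0;
}
```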
