On 16/12/2025 13:16, Dagfinn Ilmari Mannsåker wrote:
A quick grep reveals a bunch of strncpy() calls followed by a '\0'
assignment that could be replaced with strlcpy():
$ rg -A1 strncpy|rg -B1 "= '\\\\0';"
src/interfaces/libpq/fe-secure-openssl.c: strncpy(buf,
conn->sslpassword, size);
src/interfaces/libpq/fe-secure-openssl.c- buf[size - 1] = '\0';
I'm not sure what exactly this code does, but it seems prudent to zero
the unused bytes since we're dealing with a password.
--
src/bin/pgbench/pgbench.c: strncpy(*script, option, namelen);
src/bin/pgbench/pgbench.c- (*script)[namelen] = '\0';
Yeah, this one could use strlcpy(). Or memcpy(). Or pstrndup().
--
doc/src/sgml/ecpg.sgml: strncpy(name_buf, v.sqlname.data,
v.sqlname.length);
doc/src/sgml/ecpg.sgml- name_buf[v.sqlname.length] = '\0';
--
doc/src/sgml/ecpg.sgml: strncpy(name_buf, v.sqlname.data,
v.sqlname.length);
doc/src/sgml/ecpg.sgml- name_buf[v.sqlname.length] = '\0';
--
src/interfaces/ecpg/ecpglib/execute.c:
strncpy(newcopy, (char *) var->value, slen);
src/interfaces/ecpg/ecpglib/execute.c-
newcopy[slen] = '\0';
--
src/interfaces/ecpg/ecpglib/execute.c:
strncpy(mallocedval, (char *) var->value, slen);
src/interfaces/ecpg/ecpglib/execute.c-
mallocedval[slen] = '\0';
--
src/interfaces/ecpg/ecpglib/execute.c:
strncpy(newcopy, variable->arr, variable->len);
src/interfaces/ecpg/ecpglib/execute.c-
newcopy[variable->len] = '\0';
I don't know if these depend on the zero-padding...
--
src/backend/utils/adt/name.c: strncpy(NameStr(*name), str, NAMEDATALEN);
src/backend/utils/adt/name.c- NameStr(*name)[NAMEDATALEN - 1] = '\0';
This one *does* require the zero-padding, there's a comment that says so:
void
namestrcpy(Name name, const char *str)
{
/* NB: We need to zero-pad the destination. */
strncpy(NameStr(*name), str, NAMEDATALEN);
NameStr(*name)[NAMEDATALEN - 1] = '\0';
}
- Heikki
