On Tue, Dec 16, 2025 at 04:02:53PM +0200, Heikki Linnakangas wrote: >> doc/src/sgml/ecpg.sgml: strncpy(name_buf, v.sqlname.data, >> v.sqlname.length); >> doc/src/sgml/ecpg.sgml- name_buf[v.sqlname.length] = '\0'; >> -- >> doc/src/sgml/ecpg.sgml: strncpy(name_buf, v.sqlname.data, >> v.sqlname.length); >> doc/src/sgml/ecpg.sgml- name_buf[v.sqlname.length] = '\0'; >> -- >> src/interfaces/ecpg/ecpglib/execute.c: >> strncpy(newcopy, (char *) var->value, slen); >> src/interfaces/ecpg/ecpglib/execute.c- >> newcopy[slen] = '\0'; >> -- >> src/interfaces/ecpg/ecpglib/execute.c: >> strncpy(mallocedval, (char *) var->value, slen); >> src/interfaces/ecpg/ecpglib/execute.c- >> mallocedval[slen] = '\0'; >> -- >> src/interfaces/ecpg/ecpglib/execute.c: >> strncpy(newcopy, variable->arr, variable->len); >> src/interfaces/ecpg/ecpglib/execute.c- >> newcopy[variable->len] = '\0'; > > I don't know if these depend on the zero-padding...
Good question. This code has never been changed since its introduction in a4f25b6a9c2d... But anyway, looking more closely I think that we should be OK with just switching to strlcpy() as long as we do the call with a "len + 1" and not "len" to account for the zero termination based on the allocations done just before copying the values. -- Michael
signature.asc
Description: PGP signature
