On Wed, Apr 02, 2008 at 03:54:52PM -0700, Matthew Dempsky wrote: > On Wed, Apr 2, 2008 at 2:48 PM, Mike Erdely <[EMAIL PROTECTED]> wrote: > > -@@ -344,7 +344,7 @@ char *strdup( const char *s ) > > - > > - if (result != NULL) > > - { > > -- strcpy( result, s ); > > -+ strlcpy( result, s, sizeof(result) ); > > - } > > - > > - return( result ); > > It seems worth pointing out that this patch is an example of > carelessly replacing strcpy with strlcpy. result here is a pointer, > not a fixed size array, so sizeof(result) just returns 4 or 8 instead > of the buffer size. (Of course, OpenBSD provides strdup in libc, so > this code isn't used, patched or not.)
For what it's worth, that section of code was wrapped in: #ifdef __MINGW32__ char *strdup... #endif /* def __MINGW32__ */ -ME