Follow-up Comment #4, bug #66147 (group screen): Using `strncpy()` is nearly everytime wrong:
- there are no guarantees that the string is zero terminated
- it pads the complete free space with zeros (e.g. `strncpy(buf, "A", 4)`
results in ['A', '\0', '\0', '\0']
There exists `strlcpy()` which does, what most people expect from `strncpy()`.
But a) it has portability problems and b) it shares another problem with
`strncpy()`: you have to check the return value to prevent operating on
undefined string.
`strcpy` is perfectly fine (except you are using broken audittools)
`FORTIFY_SOURCE` protects also `strcpy()` (see <bits/string_fortified.h>)
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?66147>
_______________________________________________
Nachricht gesendet über Savannah
https://savannah.gnu.org/
signature.asc
Description: PGP signature
