svn commit: r245036 - head/sys/kern

Oleg Moskalenko oleg.moskalenko at citrix.com
Fri Jan 4 20:57:01 UTC 2013



> -----Original Message-----
> > I think it would be better to teach strlcpy to zero-pad as well.
> 
> I'd rather we created new functions with new names that add the non-portable
> zeroing behaviour -- perhaps strlpcpy() and strnpcpy(), or something equally
> incomprehensible.  This semantic may actually trigger bugs in code that is
> correct (albeit badly written) using strncpy() and strlcpy() in a way that never fully
> fills the buffer (due to some external invariant) and has an incorrect bounds
> check -- and potentially trigger performance problems when target buffers are
> much larger than the copied data.
> 
> Robert
> _______________________________________________

Robert is right - it is not a good idea to rely on a non-standard "smart" behavior of basic functions. If the developer wants to code it "securely", he/she can always use his/her own wrappers around strncpy() etc. Any inherent built-in behavior that is not "standard" affects future maintenance of the code.

Oleg
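The distinction the thread turns on, shown as an added example that is not part of the original post or of FreeBSD's libc: strncpy() zero-pads the rest of the destination but does not guarantee a terminating NUL when the source is too long; strlcpy() always terminates but leaves the bytes after the NUL untouched; and a padding wrapper of the kind Oleg mentions gives both. bsd_strlcpy() below is an assumed portable reimplementation of the BSD strlcpy() semantics (so the file builds on C libraries that lack it), strlpcpy() is a hypothetical name taken from Robert's suggestion, and probe() fills a buffer with a 0xAA marker so the effect of each call can be measured.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed reimplementation of BSD strlcpy(): copy at most dsize-1 bytes,
 * always NUL-terminate when dsize > 0, return strlen(src) so the caller
 * can detect truncation (return value >= dsize). Bytes after the NUL are
 * left as they were. */
size_t bsd_strlcpy(char *dst, const char *src, size_t dsize)
{
    size_t srclen = strlen(src);

    if (dsize != 0) {
        size_t n = srclen < dsize - 1 ? srclen : dsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Hypothetical strlpcpy(): strlcpy() semantics plus zero-padding of the
 * tail, the wrapper a developer would write rather than changing strlcpy(). */
size_t strlpcpy(char *dst, const char *src, size_t dsize)
{
    size_t srclen = bsd_strlcpy(dst, src, dsize);

    if (dsize != 0) {
        /* bytes occupied by the copied string plus its NUL */
        size_t used = (srclen < dsize - 1 ? srclen : dsize - 1) + 1;
        memset(dst + used, 0, dsize - used);
    }
    return srclen;
}

/* strncpy() returns char *, so adapt it to the common signature. */
size_t strncpy_wrapper(char *dst, const char *src, size_t dsize)
{
    strncpy(dst, src, dsize);
    return strlen(src);
}

typedef size_t (*copy_fn)(char *, const char *, size_t);

struct copy_result {
    int terminated;   /* 1 if some NUL byte exists inside the buffer */
    size_t leftover;  /* number of 0xAA marker bytes the copy never touched */
};

/* Run one copy routine into an 8-byte buffer pre-filled with 0xAA and
 * report whether the result is terminated and how much was left untouched. */
struct copy_result probe(copy_fn fn, const char *src)
{
    char buf[8];
    struct copy_result r = { 0, 0 };
    size_t i;

    memset(buf, 0xAA, sizeof buf);
    fn(buf, src, sizeof buf);

    r.terminated = memchr(buf, '\0', sizeof buf) != NULL;
    for (i = 0; i < sizeof buf; i++)
        if ((unsigned char)buf[i] == 0xAA)
            r.leftover++;
    return r;
}

int main(void)
{
    /* constructed inputs: one that fits, one that is longer than the buffer */
    const char *srcs[] = { "ab", "0123456789" };
    copy_fn fns[] = { strncpy_wrapper, bsd_strlcpy, strlpcpy };
    const char *names[] = { "strncpy", "strlcpy", "strlpcpy" };
    int f, s;

    for (f = 0; f < 3; f++)
        for (s = 0; s < 2; s++) {
            struct copy_result r = probe(fns[f], srcs[s]);
            printf("%-9s src=%-11s terminated=%d untouched=%zu\n",
                   names[f], srcs[s], r.terminated, r.leftover);
        }
    return 0;
}
```

The probe makes Robert's point concrete: code that relies on strlcpy() leaving the tail alone, or on strncpy() not terminating, changes behaviour if the library function itself starts padding, whereas a separately named wrapper leaves existing callers untouched.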


