nmh-workers

Re: [Nmh-workers] strncpy(3), die, die, die.

2016-10-24 17:19:57


Ralph Corderoy wrote:
> Perhaps a complainant could be told of the secret $NMHNOBARF to stop
> TRUNCCPY from aborting?  Though it would still complain for the first N
> goes?

i think the moment that the state of the program becomes undefined, you
should abort.

malloc and asprintf helpfully return a useless value (NULL) if they
can't fit your result into a new heap blob.

snprintf, strncpy, and strlcpy do not.

the right thing to create on overflow is an empty string. if the caller
doesn't check the return value, they're going to wonder where that empty
string came from. this would teach callers to check return values.

returning the front half of the source string is bad. and while
returning it non-\0-terminated is worse, neither is acceptable.

i once received a thousands-of-lines-long patch to bind8 to make it use
snprintf and strlcpy. i rejected it, and replaced every caller whose
starting conditions were not obvious from simple inspection with an "if"
statement that crashed out of the current operation if the resulting
string would not fit my assumptions.

replacing overrun with truncation is not a big enough improvement to
justify touching the code at all.

-- 
P Vixie


_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers
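
The behaviour argued for in the message above (fail the operation and leave an empty string on overflow, rather than a truncated or unterminated one), as an added example that is not part of the original post and is not nmh or BIND code. The names copy_or_empty, build_path and strncpy_terminated are hypothetical, and the sample strings are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy src into dst only if it fits completely,
 * terminating NUL included. On overflow dst becomes the empty string and
 * -1 is returned, so an unchecked caller sees "" and not a plausible prefix. */
static int copy_or_empty(char *dst, size_t dstsize, const char *src)
{
    size_t len;
    if (dst == NULL || src == NULL || dstsize == 0) { errno = EINVAL; return -1; }
    len = strlen(src);
    if (len >= dstsize) {
        dst[0] = '\0';              /* never hand back the front half */
        errno = ERANGE;
        return -1;
    }
    memcpy(dst, src, len + 1);      /* len + 1 copies the NUL as well */
    return 0;
}

/* Constructed caller: build "dir/name", or fail the whole operation. */
static int build_path(char *out, size_t outsize, const char *dir, const char *name)
{
    size_t dlen = strlen(dir);
    if (copy_or_empty(out, outsize, dir) != 0)
        return -1;
    if (dlen + 1 >= outsize ||      /* no room for '/' plus a NUL */
        copy_or_empty(out + dlen + 1, outsize - dlen - 1, name) != 0) {
        out[0] = '\0';              /* discard the partial result too */
        return -1;
    }
    out[dlen] = '/';
    return 0;
}

/* Contrast: does strncpy leave a NUL in an 8-byte buffer? */
static int strncpy_terminated(const char *src)
{
    char buf[8];
    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, sizeof buf);
    return memchr(buf, '\0', sizeof buf) != NULL;
}

int main(void)
{
    char path[16];
    printf("fits: %d\n", build_path(path, sizeof path, "Mail", "inbox"));
    printf("overflow: %d, strncpy NUL: %d\n",
           build_path(path, sizeof path, "Mail", "a-very-long-folder"),
           strncpy_terminated("12345678"));
    return 0;
}
```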
