This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH v4] Implement strlcpy [BZ #178]
- From: Rich Felker <dalias at libc dot org>
- To: Florian Weimer <fweimer at redhat dot com>
- Cc: Paul Eggert <eggert at cs dot ucla dot edu>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Wed, 4 Nov 2015 10:08:49 -0500
- Subject: Re: [PATCH v4] Implement strlcpy [BZ #178]
On Wed, Nov 04, 2015 at 02:11:25PM +0100, Florian Weimer wrote:
> On 11/04/2015 04:23 AM, Rich Felker wrote:
> > There's certainly existing code that relies on strcpy not clobbering
> > anything past the strlen(src)+1 bytes it writes. Naturally strcpy
> > _can't_ do this because it has no way of knowing the dest buffer size.
> > But to be able to use strlcpy as a safer drop-in replacement in such
> > code, it would need to preserve this property.
>
> Good. I'm now convinced that there is such a requirement for strcpy,
> fgets and so on. I checked our documentation and the standard for
> strcpy and fgets, and we do not explicitly specify this behavior
> (although I agree it is implicit). My question is whether we should
> specify this explicitly for strlcpy. It would give the impression that
> strlcpy is special in this regard, but it really is not.

I'm fine with omitting explicit documentation (which I agree would
imply strlcpy is special and raise confusion about the general
principle) as long as there's consensus that this is part of the
interface contract. I'd like to see some general language added to the
glibc docs explaining this at some point.

Rich
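
The property discussed in this message can be checked with a sentinel-filled buffer. The following is an added example, not part of the original mail and not the glibc patch; example_strlcpy, BUF_SIZE, SENTINEL and the helper names are hypothetical. It contrasts a strlcpy-style copy with strncpy, which pads the rest of the destination with NUL bytes and so does not preserve the property.

```c
#include <stddef.h>
#include <string.h>

/* Illustrative strlcpy-style copy (hypothetical, not the glibc patch):
   writes at most min(strlen(src) + 1, size) bytes, returns strlen(src). */
size_t example_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size != 0) {
        size_t n = len < size ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

enum { BUF_SIZE = 16, SENTINEL = 0x5a };  /* constructed test values */

/* Count bytes in buf[from..BUF_SIZE) that no longer hold the sentinel. */
static size_t clobbered_after(const unsigned char *buf, size_t from)
{
    size_t count = 0;
    for (size_t i = from; i < BUF_SIZE; i++)
        if (buf[i] != SENTINEL)
            count++;
    return count;
}

/* Fill the buffer with the sentinel, copy src with example_strlcpy, and
   report how many bytes past the strlen(src)+1 written bytes changed. */
size_t tail_clobbered_strlcpy(const char *src)
{
    unsigned char buf[BUF_SIZE];
    memset(buf, SENTINEL, sizeof buf);
    size_t len = example_strlcpy((char *)buf, src, sizeof buf);
    return clobbered_after(buf, len < BUF_SIZE ? len + 1 : BUF_SIZE);
}

/* Same check for strncpy, which zero-fills the remainder of the buffer. */
size_t tail_clobbered_strncpy(const char *src)
{
    unsigned char buf[BUF_SIZE];
    size_t len = strlen(src);
    memset(buf, SENTINEL, sizeof buf);
    strncpy((char *)buf, src, sizeof buf);
    return clobbered_after(buf, len < BUF_SIZE ? len + 1 : BUF_SIZE);
}
```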