This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.
Re: PATCH: safe string copy and concetation
- To: Ulrich Drepper <drepper at cygnus dot com>
- Subject: Re: PATCH: safe string copy and concetation
- From: Kaz Kylheku <kaz at ashi dot footprints dot net>
- Date: Tue, 8 Aug 2000 10:50:16 -0700 (PDT)
- cc: Christoph Hellwig <hch at caldera dot de>, libc-alpha at sources dot redhat dot com
On 8 Aug 2000, Ulrich Drepper wrote:
> Date: 08 Aug 2000 09:43:59 -0700
> From: Ulrich Drepper <drepper@redhat.com>
> Reply-To: Ulrich Drepper <drepper@cygnus.com>
> To: Christoph Hellwig <hch@caldera.de>
> Cc: libc-alpha@sources.redhat.com
> Subject: Re: PATCH: safe string copy and concetation
>
> Christoph Hellwig <hch@caldera.de> writes:
>
> > this patch implements the string functions strlcat and
> > strlcpy for gnu libc.
>
> This is horribly inefficient BSD crap. Using these functions only
> leads to other errors. Correct string handling means that you always
> know how long your strings are and therefore you can use memcpy
> (instead of strcpy).
These words make sense. The problem with strlcat and strlcpy is that they
assume that it's okay to arbitrarily discard data for the sake of preventing a
buffer overflow. The buffer overflow may be prevented, but because data may
have been discarded, the program is still incorrect. This is roughly analogous
to clamping floating point overflow to DBL_MAX and merrily continuing
in the calculation. ;)
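
The data-loss point made in this message, as an added example that is not part of the original mail or of the submitted patch: a truncating copy and a length-checked memcpy copy run on the same oversized input. The names `demo_strlcpy`, `copy_checked`, `truncated_result` and `checked_result`, the 11-byte buffer and the sample path are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define BUF_SIZE 11
static const char SAMPLE[] = "/tmp/cache-old";   /* constructed input, 14 chars */

/* Stand-in with BSD strlcpy semantics (hypothetical name, so this builds on
   any libc): copies at most size-1 bytes, NUL-terminates, returns strlen(src). */
size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Length-aware copy: measure first, reject what does not fit, then memcpy
   exactly len + 1 bytes. Returns 0 on success, -1 with dst left untouched. */
int copy_checked(char *dst, size_t size, const char *src)
{
    size_t len = strlen(src);
    if (len >= size)
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

/* Truncating copy, return value ignored: no overflow, but a different path. */
const char *truncated_result(void)
{
    static char buf[BUF_SIZE];
    (void)demo_strlcpy(buf, SAMPLE, sizeof buf);
    return buf;
}

/* Same input through the checked copy: the caller gets an error instead. */
int checked_result(void)
{
    char buf[BUF_SIZE];
    return copy_checked(buf, sizeof buf, SAMPLE);
}

int main(void)
{
    printf("truncating: \"%s\"  checked: %d\n", truncated_result(), checked_result());
    return 0;
}
```

The truncating path leaves the buffer holding `/tmp/cache`, a valid string that refers to something other than the input, while the checked path forces the caller to handle the oversize case.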