This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: If glibc had a logo what would it be?


On 12/09/2012 07:18 AM, Rich Felker wrote:
> The latter facilitates correct code handling an exceptional condition
> (input too big to fit in a buffer whose size is not variable based on
> the input).

That might be true in theory, but practice differs.
When I first ran into the idea of modifying software to
use strlcpy/strlcat, I briefly surveyed the use of these
functions in OpenSSH, an early adopter.  Almost every use was
unnecessary, in that it didn't change the behavior
of the program compared to ordinary strcpy/strcat.
And the exception was a bug in OpenSSH, due to
silent truncation of input.  Ouch.

Many modern C libraries lack strlcpy/strlcat, and libraries that
have these functions do not agree about their semantics, so
they're not a de facto standard.  Given the known design flaws of
these functions and the evident controversy associated with them,
I suggest that people with the energy and inclination to write
or rewrite their C programs in an explicit bounds-checking style
look into C11 Annex K instead.  The slibc project is one way to
do that <http://sourceware.org/ml/libc-alpha/2012-10/msg00915.html>.
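
The silent-truncation failure mode discussed in this message, shown as an added example that is not part of the original post and is not OpenSSH or glibc code. `demo_strlcpy`, `copy_unchecked`, `copy_checked` and the account names are hypothetical; `demo_strlcpy` is a local stand-in assuming the BSD semantics (return `strlen(src)`).

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical local stand-in with BSD strlcpy semantics: copy at most
 * size-1 bytes, NUL-terminate when size > 0, and return strlen(src) so
 * the caller can tell whether the input fit. */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Return value ignored: oversized input is silently cut short and the
 * program carries on with a different string than the one it was given. */
static void copy_unchecked(char *dst, size_t size, const char *src)
{
    (void)demo_strlcpy(dst, src, size);
}

/* Return value checked: oversized input is an error, dst is left empty. */
static int copy_checked(char *dst, size_t size, const char *src)
{
    if (demo_strlcpy(dst, src, size) >= size) {
        if (size > 0)
            dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed input: "backup-ro" (9 bytes) does not fit in 7 bytes,
     * and its truncation "backup" is a different, plausible account name. */
    const char *requested = "backup-ro";
    char name[7];

    copy_unchecked(name, sizeof name, requested);
    printf("unchecked: asked for \"%s\", using \"%s\"\n", requested, name);

    if (copy_checked(name, sizeof name, requested) != 0)
        printf("checked:   \"%s\" rejected, too long\n", requested);
    return 0;
}
```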

