Using strlcpy if target OS allows it
Joe Buck
Joe.Buck@synopsys.COM
Mon Apr 18 02:02:00 GMT 2005
On Sat, Apr 16, 2005 at 02:09:46PM +0200, Marc Espie wrote:
> What's the correct way to test for a libc function on the target OS ?
>
> The reason I'm asking is that OpenBSD has actually started killing uses
> of strcpy in its base system, for auditing purposes.
>
> libstdc++ has a number of calls to strcpy, which can be replaced by
> strlcpy, if the host OS allows it...
If the strcpy call is correct, isn't replacing it by strlcpy a
pessimization? Auditing for correctness of strcpy calls is appropriate;
minimizing their number seems like a good strategy as well;
forbidding it seems wrong (especially in a system support library where
every user will experience a slowdown).
I'd take strlcpy over strncpy, but not over strcpy (because the length
check can't be avoided even when it is redundant).
More information about the Libstdc++
mailing list