From: Ville S. <vil...@ik...> - 2010-04-08 18:36:16
|
On Thursday 08 April 2010, Lawrence D'Oliveiro wrote: > Ville Skyttä wrote: > > There's now a similar warning from line 1698 in git: > > strncat(line2, directive, LINE_LEN); > > > > ...which I gather could overflow because length of both line2 and > > directive is > > > > LINE_LEN and from my strncat man page: > > If src contains n or more characters, strncat() writes n+1 characters > > to dest (n from src plus the terminating null byte). Therefore, the > > size of dest must be at least strlen(dest)+n+1. > > A pox on null-terminated strings. Damn them, I say. Verily, let them be > thrice-cursed. Is there no simple function I can use to append to one so > it won’t overflow a fixed limit? strlcat()/strlcpy()? They're BSDish things though and not available in e.g. glibc (nor will be based on what I've read on the subject) but if one likes them, they or equivalents are available in at least libbsd and glib. http://en.wikipedia.org/wiki/Strlcpy |