Discussion:
strcpy_s, strlcpy, and strncpy and checking for overflow
Yuhong Bao
2007-05-05 06:57:01 UTC
Permalink
strncpy makes it hard to check for overflow.
strlcpy make it much easier to check for overflow.
strcpy_s (part of the VC2005 libraries) do not copy the string at all if
overflow has happened. You must use strncpy_s with _TRUNCATE specified in
the count parameter to truncate.

Yuhong Bao

_________________________________________________________________
Download Messenger. Join the i’m Initiative. Help make a difference today.
http://im.live.com/messenger/im/home/?source=TAGHM_APR07
Mike Frysinger
2007-05-05 08:17:11 UTC
Permalink
Post by Yuhong Bao
strncpy makes it hard to check for overflow.
strlcpy make it much easier to check for overflow.
strcpy_s (part of the VC2005 libraries) do not copy the string at all if
overflow has happened. You must use strncpy_s with _TRUNCATE specified in
the count parameter to truncate.
were you trying to ask a question ? seems like you were just stating some
facts ...
-mike
Yuhong Bao
2007-05-05 17:17:47 UTC
Permalink
But one of the arguments is that programmers should be concerned about the
effect of truncation. strlcpy make it easier than strncpy to check for
truncation too, and strcpy_s (part of VC2005 libraries) refuse to copy the
string at all if the string is going to be truncated. You must use strncpy_s
with _TRUNCATE in the count parameter.

_________________________________________________________________
Check Out Our List Of Trendy Restaurants. You'll Eat It Up!
http://local.live.com/?mkt=en-ca/?v=2&cid=A6D6BDB4586E357F!378
Mike Frysinger
2007-05-06 07:28:40 UTC
Permalink
Post by Yuhong Bao
But one of the arguments is that programmers should be concerned about the
effect of truncation. strlcpy make it easier than strncpy to check for
truncation too, and strcpy_s (part of VC2005 libraries) refuse to copy the
string at all if the string is going to be truncated. You must use
strncpy_s with _TRUNCATE in the count parameter.
what exactly is your point ? do you want to change something in glibc ?
-mike
Yuhong Bao
2007-05-06 17:14:08 UTC
Permalink
One of the arguments is that programmers should be concerned when a string
buffer oveflow, and so my point is that that strlcpy make it easier to check
overflow and strcpy_s refuse to copy the string at all if the buffer
overflows.
Regardless it is not part of a standard yet, so it may not be a good idea to
add it to glibc.
Subject: Re: strcpy_s, strlcpy, and strncpy and checking for overflow
Date: Sun, 6 May 2007 03:28:40 -0400
MIME-Version: 1.0
Received: from smtp.gentoo.org ([140.211.166.183]) by
bay0-mc8-f13.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Sun, 6
May 2007 00:28:19 -0700
Received: from ip6-localhost (localhost [127.0.0.1])by smtp.gentoo.org
(Postfix) with ESMTP id F14676491D;Sun, 6 May 2007 07:28:18 +0000 (UTC)
LsUYwwHHNt3660MmjhEvYg2f34OAemlK+ZzoV09lDsZmbz8QigGIQtU5Yvr3lK0P
Organization: wh0rd.org
User-Agent: KMail/1.9.6
X-OriginalArrivalTime: 06 May 2007 07:28:19.0817 (UTC)
FILETIME=[1EDD1590:01C78FB0]
Post by Yuhong Bao
But one of the arguments is that programmers should be concerned about
the
Post by Yuhong Bao
effect of truncation. strlcpy make it easier than strncpy to check for
truncation too, and strcpy_s (part of VC2005 libraries) refuse to copy
the
Post by Yuhong Bao
string at all if the string is going to be truncated. You must use
strncpy_s with _TRUNCATE in the count parameter.
what exactly is your point ? do you want to change something in glibc ?
-mike
<< signature.asc >>
_________________________________________________________________
Add the Windows Live Messenger NHL Stats Agent to your buddy list and get
your stats fix instantly http://sports.sympatico.msn.ca/NHL/NHL_Stats_Agent
Ulrich Drepper
2007-05-06 17:21:49 UTC
Permalink
Post by Yuhong Bao
Regardless it is not part of a standard yet, so it may not be a good
idea to add it to glibc.
No, it's not. If you're concerned about overflows use the functions
which do all this by themselves. Read

http://people.redhat.com/drepper/defprogramming.pdf
--
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
Loading...