Re: Are bad developer libraries the problem with M$ software?

On Mon, Nov 18, 2002 at 04:27:25PM -0800, The Amazing Dragon wrote:
> > These are good ideas, and you should expand them to handle the case where the destination string is not \0-terminated. Example: strncpy.
> > The strncpy() function copies not more than len characters from src into
> > dst, appending `\0' characters if src is less than len characters long,
> > and not terminating dst otherwise.
> > I handle this by always setting dst[len-1] = '\0';
>
> Not safe, though you've merely overwritten the end by one and with a \0,

The end is not overwritten by one. Only the last byte beloging to the buffer is.

> Then strncat() should take the size of the destination (again including

You're missing the point of strncat. It wasn't meant to be secure and stop overflowing the destination. It's just a tool that just strcats a certain amount of bytes. No one would use strcat(s) without first checking the size of the buffer and of the data to be cated.

> Also given the total space it is very easy for
(That is what strlen does)

Regards,
Luciano Rocha

-- 
Consciousness: that annoying time between naps.