[6207] in bugtraq
Re: strcpy versus strncpy
daemon@ATHENA.MIT.EDU (Joe Zbiciak)
Tue Mar 3 11:04:29 1998
Date: Tue, 3 Mar 1998 01:25:06 -0600
Reply-To: j-zbiciak1@ti.com
From: Joe Zbiciak <j-zbiciak1@TI.COM>
X-To: dgaudet-list-bugtraq@ARCTIC.ORG
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.96dg4.980302173640.25490Q-100000@twinlark.arctic.org>
from "Dean Gaudet" at Mar 2, 98 05:38:38 pm
'Dean Gaudet' said previously:
|
| You forgot:
|
| 4. strncpy is required to zero-fill the entire destination, which can be
| quite a performance pig if the destination is big and the strncpy is
| executed frequently.
and
5. strncpy may not zero-terminate the resulting string, leading to other
interesting problems if you don't ensure that the resulting string
is zero terminated yourself.
(AT&T SVR4 had a lot of bugs in this vein regarding utmp, since their
utmp structure only allowed 8 characters for login names. If you had
an 8 character login name, programs like "who" would show garbage after
the login name because they'd assume that ut_user[] was zero terminated
when it isn't necessarily.)
Regards,
--Joe
--
+----------- Joseph Zbiciak ----------+ Eliminate idle cycles!
| - - - - j-zbiciak1@ti.com - - - - | http://www.distributed.net/
|- http://www.primenet.com/~im14u2c/ -|
| - - -Texas Instruments, Dallas- - - | "I feel as much like I did
+-----#include "std_disclaimer.h"-----+ yesterday as I do today."
