[neomutt-devel] strfcpy() improvement
Richard Russon
rich at flatcap.org
Tue Oct 4 14:23:09 CEST 2016
A quick string copying history.
In the beginning was: strcpy (DST, SRC);
If the SRC was bigger than DST, then bad things happened.
Then came: strncpy (DST, SRC, LEN);
If SRC is longer than LEN, then the string in DST isn't NULL terminated.
Bad things happened.
Next, Mutt created a macro strfcpy() based on the BSD function. It
guarantees a length limit AND a NULL termination.
#define strfcpy(DST,SRC,LEN) strncpy(DST,SRC,LEN), *(DST+(LEN)-1)=0
Because of the way it works, it triggers a warning in Coverity (a static
analysis tool). It fills DST (without NULL), then writes the NULL.
Why have I told you all of this? Because I'm changing the macro.
dotlock.c lib.h rfc822.c
My testing shows it works correctly, but I may have missed something.
#define strfcpy(DST,SRC,LEN) do { if ((LEN) > 0) { *(DST+(LEN)-1)=0; strncpy(DST,SRC,(LEN)-1); } } while (0)
Please be on the lookout for truncated strings.
Cheers,
Rich
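
Added example, not part of the original message or of NeoMutt's code: a C check that the two macros quoted above leave byte-identical, NUL-terminated buffers, and that the new one writes nothing when LEN is 0. The names strfcpy_old, strfcpy_new, BUFLEN and the three helper functions are assumptions made for this demonstration; the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Both macro bodies are copied from the message; only the names differ. */
#define strfcpy_old(DST,SRC,LEN) strncpy(DST,SRC,LEN), *(DST+(LEN)-1)=0
#define strfcpy_new(DST,SRC,LEN) do { if ((LEN) > 0) { *(DST+(LEN)-1)=0; strncpy(DST,SRC,(LEN)-1); } } while (0)

#define BUFLEN 8 /* constructed buffer size for the demonstration */

/* Returns 1 if both macros leave identical, NUL-terminated buffers. */
int macros_agree(const char *src)
{
    char a[BUFLEN], b[BUFLEN];
    memset(a, 0xAA, sizeof(a)); /* poison so stray bytes are visible */
    memset(b, 0xAA, sizeof(b));
    strfcpy_old(a, src, sizeof(a));
    strfcpy_new(b, src, sizeof(b));
    return memcmp(a, b, sizeof(a)) == 0 && a[BUFLEN - 1] == '\0' && b[BUFLEN - 1] == '\0';
}

/* Length of the string the new macro leaves in a BUFLEN-byte buffer. */
size_t copied_len(const char *src)
{
    char b[BUFLEN];
    memset(b, 0xAA, sizeof(b));
    strfcpy_new(b, src, sizeof(b));
    return strlen(b);
}

/* LEN == 0: the new macro must not write at all. The old macro would
 * store to DST[-1] in that case, so it is not exercised here. */
int zero_len_untouched(void)
{
    char b[BUFLEN];
    size_t zero = 0;
    memset(b, 0xAA, sizeof(b));
    strfcpy_new(b, "abc", zero);
    for (size_t i = 0; i < sizeof(b); i++)
        if ((unsigned char)b[i] != 0xAA) return 0;
    return 1;
}

int main(void)
{
    const char *s[] = { "", "abc", "abcdefg", "abcdefgh", "abcdefghijkl" };
    for (size_t i = 0; i < sizeof(s) / sizeof(s[0]); i++)
        printf("%-14s agree=%d len=%zu\n", s[i], macros_agree(s[i]), copied_len(s[i]));
    printf("LEN==0 untouched=%d\n", zero_len_untouched());
    return 0;
}
```

A source of exactly BUFLEN-1 characters fits whole; anything longer is truncated to BUFLEN-1 characters, which is the truncation the message asks readers to watch for.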