[neomutt-devel] strfcpy() improvement

Richard Russon rich at flatcap.org
Tue Oct 4 14:23:09 CEST 2016

A quick string copying history.

In the beginning was: strcpy (DST, SRC);
If the SRC was bigger than DST, then bad things happened.

Then came: strncpy (DST, SRC, LEN);
If SRC is longer than LEN, then the string in DST isn't NULL terminated.
Bad things happened.

Next, Mutt created a macro strfcpy() based on the BSD function.  It
guarantees a length limit AND a NULL termination.

    #define strfcpy(DST,SRC,LEN) strncpy(DST,SRC,LEN), *(DST+(LEN)-1)=0

Because of the way it works, it triggers a warning in Coverity (a static
analysis tool).  It fills DST (without NULL), then writes the NULL.

Why have I told you all of this?  Because I'm changing the macro.
    dotlock.c lib.h rfc822.c
My testing shows it works correctly, but I may missed something.

    #define strfcpy(DST,SRC,LEN) do { if ((LEN) > 0) { *(DST+(LEN)-1)=0; strncpy(DST,SRC,(LEN)-1); } } while (0)

Please be on the lookout for truncated strings.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://mailman.neomutt.org/mailman/private/neomutt-devel-neomutt.org/attachments/20161004/76f6efed/attachment.sig>

More information about the neomutt-devel mailing list