This is the mail archive of the
mailing list for the glibc project.
Re: Wish for 2002 ...
Paul Eggert <email@example.com> writes:
> Have you read the OpenSSH code? Most of the OpenSSH code that uses
> these functions has arbitrary limits that really ought to get removed,
> as they can cause the programs to misbehave. Once they're removed,
> the use of strlcat/strcpy could also be removed.
Right. But the point is not whether its good that strlcat is in use.
Let's all agree, I think, that strlcat is icky and shouldn't be used.
However, it is. And unless the glibc maintainers are willing to patch
all the programs that use it, those programs are currently not
portable. (Or, if they use an autoconfy test, they get a suboptimal
implementation of a string function; one of the very thing that glibc
exists to prevent.)
Sure, OpenSSH does not actually need to use strlcat. But the current
source does in fact use it.
> Nobody in this discussion has presented any real data about costs. I
> doubt whether anybody has any hard data. It is hardly fair to require
> the skeptics to provide hard data, when the proponents don't have any
> hard data either.
Linus claimed to have something approaching "hard data" for the
proposition that adding functions to the library is inherently bad,
but he seems to have begged off of the request to tell me where I
could read more about it.