This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: Implement C11 annex K?
- From: Rich Felker <dalias at libc dot org>
- To: Paul Eggert <eggert at cs dot ucla dot edu>
- Cc: "Joseph S. Myers" <joseph at codesourcery dot com>, libc-alpha <libc-alpha at sourceware dot org>
- Date: Wed, 13 Aug 2014 17:35:20 -0400
- Subject: Re: Implement C11 annex K?
On Wed, Aug 13, 2014 at 02:25:45PM -0700, Paul Eggert wrote:
> Joseph S. Myers wrote:
> >I think it would be reasonable to consider. High-quality of course means
>
> I don't see how we could have a high-quality implementation of
> strlcpy. Either it'd be compatible with OpenBSD and thus suffer
> from DoS problems with long sources, or it'd be incompatible and
> then why bother?
The snprintf interface has the same "DoS problems" and that's not
reason to exclude it. It just limits the usefulness (or at least
convenience, since you can always validate inputs separately with
strnlen) in some situations. I agree totally that strlcpy is a bad
API, and I don't recommend using it, but since apps are using it, it's
much better to have a fully correct version in glibc than a buggy
application-provided fallback -- and the latter is really common.
Rich
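
The two points in the message above, shown as an added C example that is not part of the original mail and is not glibc or OpenBSD code: an strlcpy with OpenBSD-compatible semantics has to walk the entire source to compute its return value, and a caller can bound that work by validating with strnlen first. The names `ex_strlcpy` and `ex_copy_bounded` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L   /* for strnlen */
#include <stddef.h>
#include <string.h>

/* Hypothetical name. OpenBSD-compatible semantics: copy at most size-1
 * bytes, always NUL-terminate when size > 0, return strlen(src).
 * A return value >= size tells the caller the copy was truncated. */
size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
    /* This scan is the cost discussed in the thread: it reads all of src,
     * so the work is O(strlen(src)) no matter how small dst is, and src
     * must be NUL-terminated. */
    size_t srclen = strlen(src);

    if (size != 0) {              /* size == 0: nothing may be written */
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Hypothetical helper: validate the input separately with strnlen, so at
 * most `size` bytes of src are ever read. Returns 0 on success, or -1 if
 * src (plus its terminator) does not fit; dst is left untouched then. */
int ex_copy_bounded(char *dst, const char *src, size_t size)
{
    if (size == 0)
        return -1;

    size_t n = strnlen(src, size);
    if (n == size)                /* no NUL within the first size bytes */
        return -1;

    memcpy(dst, src, n + 1);      /* n < size, so n + 1 bytes fit */
    return 0;
}
```

The `size == 0` branch and the `size - 1` bound are the places where a hand-written fallback is easiest to get wrong: writing a terminator into a zero-length buffer, or letting `size - 1` wrap around.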