This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH v2] Implement strlcpy [BZ #178]
- From: Florian Weimer <fweimer at redhat dot com>
- To: "Joseph S. Myers" <joseph at codesourcery dot com>
- Cc: libc-alpha at sourceware dot org
- Date: Mon, 22 Sep 2014 15:24:38 +0200
- Subject: Re: [PATCH v2] Implement strlcpy [BZ #178]
On 09/17/2014 05:41 PM, Joseph S. Myers wrote:
> On Wed, 17 Sep 2014, Florian Weimer wrote:
>
>> I misremembered what the GNU coding standards say about dynamically sized
>> buffers. As far as I can tell, they recommend it not in general, but only as
>> a way to avoid unintentional copyright infringement. That's why I didn't add
>> a reference to the coding standards.
>
> @node Semantics
> @section Writing Robust Programs
>
> @cindex arbitrary limits on data
> Avoid arbitrary limits on the length or number of @emph{any} data
> structure, including file names, lines, files, and symbols, by allocating
> all data structures dynamically. In most Unix utilities, ``long lines
> are silently truncated''. This is not acceptable in a GNU utility.

Thanks, I knew there was something in the standards. So I propose to
add this change on top of the last one:
-However, to prevent accidental truncation of unexpectedly long values,
-it is often better to use dynamic memory allocation and functions such
-as @code{strdup} or @code{asprintf} to construct strings.
+@strong{Note:} GNU programs should not use statically sized buffers for
+storing strings. @xref{Semantics, , Writing Robust Programs, standards,
+The GNU Coding Standards}. Instead of using @code{strlcpy}, it is
+usually better to use dynamic memory allocation and functions such as
+@code{strdup} or @code{asprintf} to construct strings.
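
Review bot: the replacement Note in the `+` lines no longer says why @code{strlcpy} is discouraged. The removed sentence named the hazard ("to prevent accidental truncation of unexpectedly long values"), and a reader who does not follow the @xref loses that reason. Consider keeping the clause, for example "Instead of using @code{strlcpy}, which truncates unexpectedly long values, it is usually better to use dynamic memory allocation ...". Separately, "statically sized" in the first `+` line can be read as referring to static storage duration; "fixed-size" would be less ambiguous for a buffer whose length is chosen at compile time.
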
I have verified that the cross-reference comes out correctly in both the
rendered HTML and the Info manual.
--
Florian Weimer / Red Hat Product Security