strcat+strcat+strcat == baaad
Alexandre Julliard
julliard at winehq.com
Mon Dec 2 11:02:51 CST 2002
Shachar Shemesh <winehebhaim at sun.consumer.org.il> writes:
> I suggest implementing strlcat and strlcpy, as in OpenBSD. I can write
> them, but I'm not sure where to place them. They should either be
> inlined (as in - implemented in an include file as a static func), or
> in some library that will be linked (statically, I hope). Ideas?
We don't need that, there are Windows API functions like lstrcpyn that
can be used for that. And in any case the right approach to writing
correct and secure code is not to truncate every string in sight to
some fixed buffer size; it's to make sure you allocate buffers of the
right size, and then you can use standard strcpy/strcat/sprintf/etc.
without worrying about lengths.
--
Alexandre Julliard
julliard at winehq.com
More information about the wine-devel
mailing list