Ethereal-dev: Re: [Ethereal-dev] strcpy harmful, what?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Fri, 21 Oct 2005 15:29:12 -0700
Rich Coe wrote:
I think that replacing strcpy with a library function that (eventually)
calls strcpy (strncpy)

If any snprintf-like function calls strcpy() on %s strings, it's buggy, so that probably should be stated as "that (eventually) calls strncpy or strlcpy". Replacing calls to strcpy() or strcat() is neither pointless nor stupid unless the calls in question have done *correct* bounds checking already, and it's probably a bit error prone either to

1) require that the bounds checks be done correctly (as you have to check how much space is left in the string)

or even

	2) require that they be done at all.

One might argue that using strlcpy() and strlcat() would be better than using snprintf() or g_snprintf(); to do that, we'd have to supply our own strlcpy() and strlcat() if the platform for which we're building doesn't have them.

Now, in at least some cases, the function that arguably should *really* be used is proto_item_append_text()....