Jeffrey Walton <noloa...@gmail.com> writes: > FORTIFY_SOURCE=2 (FORTIFY_SOURCE=1 on Android 4.1+), where available. > I know Drepper objects to the safer string/memory functions, but his > way (the way of 1970's strcpy and strcat) simply does not work. I > don't disagree that the safer functions are not completely safe, but I > refuse to throw the baby out with the bath water.
Having tried both styles, what works even better than replacing strcpy and strcat with strlcpy and strlcat, or the new *_s functions, is to replace them with asprintf. You have to do a little bit of work to be guaranteed to have asprintf (or a lot of work if you want to support platforms with a broken snprintf as well), but gnulib will do it for you, and that coding style is so much nicer than trying to deal with static buffers and worrying about truncation, particularly if you design the software with that in mind from the start. Yes, it's probably slower, but I'll trade speed for clarity and safety nearly all of the time. (Or you could also dodge the memory management problems by using a C framework that supports garbage collection, like APR, but that's farther afield of this list.) -- Russ Allbery (r...@stanford.edu) <http://www.eyrie.org/~eagle/> _______________________________________________ Autoconf mailing list Autoconf@gnu.org https://lists.gnu.org/mailman/listinfo/autoconf
