On Tue, Dec 18, 2012 at 1:16 AM, Russ Allbery <r...@stanford.edu> wrote:
> Jeffrey Walton <noloa...@gmail.com> writes:
>
>> FORTIFY_SOURCE=2 (FORTIFY_SOURCE=1 on Android 4.1+), where available.
>> I know Drepper objects to the safer string/memory functions, but his
>> way (the way of 1970's strcpy and strcat) simply does not work. I
>> don't disagree that the safer functions are not completely safe, but I
>> refuse to throw the baby out with the bath water.
>
> Having tried both styles, what works even better than replacing strcpy and
> strcat with strlcpy and strlcat, or the new *_s functions, is to replace
> them with asprintf.  You have to do a little bit of work to be guaranteed
> to have asprintf (or a lot of work if you want to support platforms with a
> broken snprintf as well), but gnulib will do it for you, and that coding
> style is so much nicer than trying to deal with static buffers and
> worrying about truncation, particularly if you design the software with
> that in mind from the start.  Yes, it's probably slower, but I'll trade
> speed for clarity and safety nearly all of the time.
Yeah, I think you are right about asprintf (though I have never used it).

I can't count how many times I've seen silent truncation due to
sprint. Most recently, I pointed it out on some SE Android patches
(Android port of SE Linux) that passed by the NSA sponsored mailing
list. They went unfixed. Amazing.

Jeff
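The two styles contrasted in this thread, as an added example that is not code from the thread's participants or from gnulib: a fixed-buffer join whose snprintf() truncates silently unless the return value is checked, beside an asprintf-style helper (named `xasprintf` here, a constructed name) built on C99 `vsnprintf(NULL, 0, ...)` so it works without a native asprintf.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fixed-buffer style. snprintf() cannot overflow, but when the formatted
 * result does not fit it truncates silently; the only signal is the return
 * value, which is the length the complete string would have had. Returns
 * the number of characters that were dropped (0 means nothing was lost),
 * or -1 on a formatting error. */
int join_path_fixed(char *out, size_t outsz, const char *dir, const char *name)
{
    int need = snprintf(out, outsz, "%s/%s", dir, name);
    if (need < 0)
        return -1;
    if ((size_t)need < outsz)
        return 0;
    return need - (int)(outsz - 1);   /* outsz-1 characters fit, plus NUL */
}

/* asprintf-style helper (constructed here, not gnulib's): measure with a
 * C99 vsnprintf(NULL, 0, ...) call, allocate exactly that much, and format
 * again. Truncation cannot happen; the caller owns and free()s the result.
 * Returns NULL on allocation or formatting error. A pre-C99 snprintf that
 * returns -1 for a too-small buffer takes the need < 0 path, so the caller
 * sees NULL rather than a wrong string. */
char *xasprintf(const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int need = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    if (need < 0) { va_end(ap2); return NULL; }
    char *out = malloc((size_t)need + 1);
    if (out != NULL && vsnprintf(out, (size_t)need + 1, fmt, ap2) != need) {
        free(out);
        out = NULL;
    }
    va_end(ap2);
    return out;
}

/* Dynamic join: no static buffer, no truncation to worry about. */
char *join_path_dynamic(const char *dir, const char *name)
{
    return xasprintf("%s/%s", dir, name);
}
```

With an 8-byte buffer, "/etc" + "passwd" needs 11 characters, so the fixed version reports 4 dropped and leaves "/etc/pa" behind; the dynamic version returns the full path.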

_______________________________________________
Autoconf mailing list
Autoconf@gnu.org
https://lists.gnu.org/mailman/listinfo/autoconf