On Fri, Nov 7, 2014 at 8:03 AM, <k...@shike2.com> wrote:
>
>> - Rename volatile bool q = false; to "isrunning".
>
> is.* is a reserved name space, it must not be used in external scope.
>
>
>> - Use the safer strlcpy or snprintf instead of strcpy().
>
> I disagree, check the size before calling strcpy. If you want to
> avoid security risk you also have to check the output of strlcpy
> to detect truncations, so you don't win anything. In both cases
> you have to add a comparison, so it is better to use strcpy that
> is standard.
>
It's easy to make mistakes using just strcpy(), and strncpy() also isn't safe in some subtle cases. Read up about the exact differences here: http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy
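The three copy styles argued over in this thread, side by side, as an added example that is not part of the original messages or the project's code. `demo_strlcpy` is a hypothetical stand-in with strlcpy() semantics, and the buffer size and input strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in with strlcpy() semantics (hypothetical name): copy at most
 * size-1 bytes, NUL-terminate when size > 0, return strlen(src). */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Approach from the quoted reply: compare the size first, then strcpy(). */
static int copy_checked_strcpy(char *dst, size_t size, const char *src)
{
    if (strlen(src) >= size)
        return -1;              /* would overflow: refuse, dst untouched */
    strcpy(dst, src);
    return 0;
}

/* strlcpy-style copy: a return value >= size means dst was truncated. */
static int copy_checked_strlcpy(char *dst, size_t size, const char *src)
{
    return demo_strlcpy(dst, src, size) >= size ? -1 : 0;
}

/* strncpy() pitfall: when src fills the buffer, no NUL byte is written.
 * Returns 1 if dst holds a NUL within size bytes, 0 otherwise. */
static int strncpy_terminated(char *dst, size_t size, const char *src)
{
    strncpy(dst, src, size);
    return memchr(dst, '\0', size) != NULL;
}

int main(void)
{
    char buf[8];
    const char *too_long = "0123456789";   /* constructed input, 10 bytes */
    int r = copy_checked_strlcpy(buf, sizeof buf, too_long);
    printf("strcpy+check: %d\n", copy_checked_strcpy(buf, sizeof buf, too_long));
    printf("strlcpy-style: %d, buf=\"%s\"\n", r, buf);
    printf("strncpy terminated: %d\n", strncpy_terminated(buf, sizeof buf, too_long));
    return 0;
}
```

Both checked variants need one comparison; they differ in what the destination holds on failure (untouched versus a terminated, truncated copy), while the unchecked strncpy() call leaves the buffer without a terminator.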