On Fri, 30 May 2003 04:05:32 -0000, "democow ...." <[EMAIL PROTECTED]> said:
> char * strcpy(char * dest,const char *src)
> {
> char *tmp = dest;
>
> [1] while ((*dest++ = *src++) != '\0')
> /* nothing */;
> return tmp;
> }
Kernighan & Ritchie, "The C Programming Language", had this in the first
edition - and correctly noted that this can be further optimized to:
while (*dest++ = *src++);
eliminating a comparison to '\0'. So not only is it insecure, but it's
inefficient, unless you have a *really* good optimizing compiler that can
tell that the comparison to null can be optimized away. And yes, you
need a *good* optimizer that can see that comparing to a null byte is
a special case (for instance, you can't optimize != '\n' the same way).
pgp00000.pgp
Description: PGP signature
