The strncpy() function is less horrible than strcpy(). But it's still pretty easy to misuse because of its funny termination semantics. And we already have a ready-made alternative in strlcpy. So let's ban it, to make sure uses don't creep in.
Note that there is one instance of strncpy in compat/regex/regcomp.c. But this doesn't trigger the ban-list even when compiling with NO_REGEX=1, because we don't use git-compat-util.h when compiling it (instead we rely on the system includes from the upstream library). Since this use of strncpy was verified by manual inspection and since it doesn't trigger the automated ban-list, we're better off leaving it to keep our divergence from glibc minimal. Signed-off-by: Jeff King <p...@peff.net> --- banned.h | 1 + 1 file changed, 1 insertion(+) diff --git a/banned.h b/banned.h index fe81020e0f..ae6aaaa4a9 100644 --- a/banned.h +++ b/banned.h @@ -11,6 +11,7 @@ #define BANNED(func) sorry_##func##_is_a_banned_function() #define strcpy(x,y) BANNED(strcpy) +#define strncpy(x,y,n) BANNED(strncpy) #ifdef HAVE_VARIADIC_MACROS #define sprintf(...) BANNED(sprintf) -- 2.18.0.540.g6c38643a7b
