> David Friedman <[EMAIL PROTECTED]> wrote:
>       I encountered a problem very much similar to this when checking some
>       code that made extensive use of this macro:
>       #define newstr(s)\
>               strcpy(malloc(strlen(s) + 1), s)
>       every time it used that macro is raised a "-boundswrite" warning
>       since it thought the src buffer could get overflowed.
> Urk.  This code is of course broken.  (Why, oh WHY, didn't ANSI bless
> "strdup"?)  malloc() can fail, returning a NULL pointer, and then this
> code *will* crash or scribble on memory incorrectly.

actually, that's what the original code was, I inadvertantly
changed it to malloc before posting it. 

> The best solution is to write your own void *xmalloc(size_t) function
> which abort()s or exit()s if memory runs out, and make sure that SPLint
> knows that it always returns a long enough block.

this was actually from Sendmail's source code, so hopefully
that is not broken :-)


Reply via email to