On Thu, 10 Jul 2025 at 14:21, Alejandro Colomar <a...@kernel.org> wrote:
>
> So, I prefer my implementation because it returns NULL on truncation.
As I pointed out, your implementation is WRONG.
If you want to return an error on truncation, do it right. Not by
returning NULL, but by actually returning an error.
For example, in the kernel, we finally fixed 'strcpy()'. After about a
million different versions of 'copy a string' where every single
version was complete garbage, we ended up with 'strscpy()'. Yeah, the
name isn't lovely, but the *use* of it is:
- it returns the length of the result for people who want it - which
is by far the most common thing people want
- it returns an actual honest-to-goodness error code if something
overflowed, instead of the absoilutely horrible "source length" of the
string that strlcpy() does and which is fundamentally broken (because
it requires that you walk *past* the end of the source,
Christ-on-a-stick what a broken interface)
- it can take an array as an argument (without the need for another
name - see my earlier argument about not making up new names by just
having generics)
Now, it has nasty naming (exactly the kind of 'add random character'
naming that I was arguing against), and that comes from so many
different broken versions until we hit on something that works.
strncpy is horrible garbage. strlcpy is even worse. strscpy actually
works and so far hasn't caused issues (there's a 'pad' version for the
very rare situation where you want 'strncpy-like' padding, but it
still guarantees NUL-termination, and still has a good return value).
Let's agree to *not* make horrible garbage when making up new versions
of sprintf.
Linus
