Hi Segher, On 06/21/2018 08:18 PM, Segher Boessenkool wrote: > On Wed, Jun 20, 2018 at 07:51:11PM -0300, Breno Leitao wrote: >> - strncpy(prog, argv[0], strlen(argv[0])); >> + strncpy(prog, argv[0], sizeof(prog) - 1); > > strncpy(prog, argv[0], sizeof prog); > if (prog[sizeof prog - 1]) > scream_bloody_murder(); > > Silently using the wrong data is a worse habit than not checking for > overflows ;-)
Completely agree! Thanks for bringing this up. If you don't mind, I would solve this problem slightly differently, as it seems to be more readable. - strncpy(prog, argv[0], strlen(argv[0])); + if (strlen(argv[0]) >= LEN_MAX){ + fprintf(stderr, "Very big executable name: %s\n", argv[0]); + return 1; + } + + strncpy(prog, argv[0], sizeof(prog) - 1); return test_harness(dscr_inherit_exec, "dscr_inherit_exec_test");
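Review bot: the new length check tests `strlen(argv[0]) >= LEN_MAX` while the copy that follows is bounded by `sizeof(prog) - 1`, and the hunk does not show that `prog` is declared with `LEN_MAX` bytes, so the two limits can drift apart. Writing the check as `if (strlen(argv[0]) >= sizeof(prog))` ties it to the buffer actually being written. Once that check has passed, the string is known to fit, so `strncpy(prog, argv[0], sizeof(prog));` would also copy the terminating NUL. As posted, a name of exactly `sizeof(prog) - 1` bytes leaves the last byte of `prog` untouched, and the result is terminated only if `prog` was already zeroed, which these lines do not show. Style: kernel coding style wants a space before the brace in `LEN_MAX){`.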