Ralph Corderoy wrote:
> Perhaps a complainant could be told of the secret $NMHNOBARF to stop
> TRUNCCPY from aborting? Though it would still complain for the first N
> goes?
I think the moment that the state of the program becomes undefined, you should abort.

malloc and asprintf helpfully return a useless value (NULL) if they can't fit your result into a new heap blob. snprintf, strncpy, and strlcpy do not. The right thing to create on overflow is an empty string. If the caller doesn't check the return value, they're going to wonder where that empty string came from. This would teach callers to check return values. Returning the front half of the source string is bad, and while returning it non-\0-terminated is worse, neither is acceptable.

I once received a thousands-of-lines-long patch to bind8 to make it use snprintf and strlcpy. I rejected it, and replaced every caller whose starting conditions were not obvious from simple inspection with an "if" statement that crashed out of the current operation if the resulting string would not fit my assumptions. Replacing overrun with truncation is not a big enough improvement to justify touching the code at all.

-- 
P Vixie

_______________________________________________
Nmh-workers mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/nmh-workers
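The contract argued for above, as an added example that is not part of the original message and is not code from BIND, nmh, or any real patch: the helpers `copy_or_fail`, `format_or_fail`, and `build_path` are hypothetical names chosen here. On overflow they leave an empty string in the destination and return -1, so a caller that ignores the result gets an obviously wrong value rather than a plausible-looking prefix, and a caller that checks it can abandon the current operation. Two small probe functions show, for comparison, what strncpy and snprintf actually leave behind in an 8-byte buffer when the input does not fit.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not BIND or nmh code). Copy src into dst[dstsize].
 * Success: returns the number of bytes copied, excluding the terminating NUL.
 * Overflow: dst becomes the empty string and -1 is returned. The caller never
 * sees an unterminated buffer (strncpy) or a silently truncated prefix
 * (strlcpy / snprintf). */
int copy_or_fail(char *dst, size_t dstsize, const char *src)
{
    size_t n;

    if (dstsize == 0)
        return -1;
    n = strlen(src);
    if (n >= dstsize) {         /* no room for the bytes plus the NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);    /* copies the NUL as well */
    return (int)n;
}

/* Hypothetical helper: printf-style formatting with the same contract.
 * vsnprintf returns the length the complete string would have had, so a
 * result >= dstsize means the output was truncated. */
int format_or_fail(char *dst, size_t dstsize, const char *fmt, ...)
{
    va_list ap;
    int len;

    if (dstsize == 0)
        return -1;
    va_start(ap, fmt);
    len = vsnprintf(dst, dstsize, fmt, ap);
    va_end(ap);
    if (len < 0 || (size_t)len >= dstsize) {
        dst[0] = '\0';
        return -1;
    }
    return len;
}

/* An operation in the style the message describes: build "dir/name", and if
 * it would not fit, crash out of this operation (return an error) instead of
 * continuing with a truncated path. Returns 0 on success, -1 on failure. */
int build_path(char *out, size_t outsize, const char *dir, const char *name)
{
    if (format_or_fail(out, outsize, "%s/%s", dir, name) < 0)
        return -1;
    return 0;
}

/* Probe: does strncpy leave a terminator when the source is too long?
 * Returns 1 if a NUL is present in the buffer, 0 if not. */
int strncpy_leaves_terminator(void)
{
    char buf[8];

    memset(buf, 'X', sizeof buf);
    strncpy(buf, "0123456789", sizeof buf);   /* fills all 8 bytes, no NUL */
    return memchr(buf, '\0', sizeof buf) != NULL;
}

/* Probe: how many bytes does snprintf leave behind on overflow?
 * It writes the front of the string, NUL-terminated, and reports the full
 * length (10) only through its return value. */
size_t snprintf_truncated_len(void)
{
    char buf[8];

    (void)snprintf(buf, sizeof buf, "%s", "0123456789");
    return strlen(buf);
}

int main(void)
{
    char out[16];

    if (build_path(out, sizeof out, "/tmp", "a.txt") == 0)
        printf("ok: %s\n", out);
    if (build_path(out, sizeof out, "/var/spool/mail", "user") < 0)
        printf("refused: result would not fit (out=\"%s\")\n", out);
    printf("strncpy terminated: %d, snprintf kept %zu bytes\n",
           strncpy_leaves_terminator(), snprintf_truncated_len());
    return 0;
}
```

The sizes (an 8-byte scratch buffer and a 16-byte path) are constructed for the example; the point is that `build_path` refuses the second path outright, whereas a plain `snprintf` would have handed the caller "/var/spool/mail" with no indication that "/user" was lost.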
