On Mon, Mar 3, 2008 at 2:41 PM, Bernhard Herzog <[EMAIL PROTECTED]> wrote: > 1. Different guarantees regarding the terminating null character. > > strcpy also copies the terminating null character. The strncpy call > doesn't because it always copies exactly the number of characters > given in the third parameter and strlen doesn't count the terminating null. Wow! I never saw that...
> 2. The size parameter should indicate how much space is left in dest. > Obviously, simply using strlen(src) as the size defeats its purpose. True.. in all, I think the changes (rev. 694 and 687) actually lower the > quality of the code. The original strcpy calls were not wrong, so a > simple /* Flawfinder: ignore */ comment would have sufficed. It would also > have the advantage that we can later tell flawfinder to ignore those > comments to get it to recheck the code. OK, will do this instead. Thanks _______________________________________________ Openvas-devel mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-devel
