On Mon, Mar 3, 2008 at 2:41 PM, Bernhard Herzog <[EMAIL PROTECTED]> wrote:
>  1. Different guarantees regarding the terminating null character.
>
>    strcpy also copies the terminating null character.  The strncpy call
>    doesn't because it always copies exactly the number of characters
>    given in the third parameter and strlen doesn't count the terminating null.
Wow! I never saw that...

>  2. The size parameter should indicate how much space is left in dest.
>    Obviously, simply using strlen(src) as the size defeats its purpose.
True..
 in all, I think the changes (rev. 694 and 687) actually lower the
>  quality of the code.  The original strcpy calls were not wrong, so a
>  simple /* Flawfinder: ignore */ comment would have sufficed.  It would also
>  have the advantage that we can later tell flawfinder to ignore those
>  comments to get it to recheck the code.
OK, will do this instead.

Thanks
_______________________________________________
Openvas-devel mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-devel

Reply via email to