[haiku-commits] Re: r40011 - haiku/trunk/src/apps/stylededit

  • From: Simon Taylor <simontaylor1@xxxxxxxxxxxx>
  • To: haiku-commits@xxxxxxxxxxxxx
  • Date: Wed, 29 Dec 2010 11:39:18 +0000

CID 6931 and 8076: use strncpy for the extremely unlikely case that
B_TRANSLATE("???") returns something larger than the size of name.

Please ban strncpy() from your brain and use strlcpy() instead - the former 
cannot safely be used this way.

Although having just googled the difference, it's important to remember that strlcpy doesn't pad to the end with zeros, but just guarantee that one is used to terminate the string. More of a security implication than anything else I suppose, and so not a high priority at the moment.


Other related posts: