Re: Bounds checking functions
- From: James Antill <james-netnews@xxxxxxx>
- Date: Fri, 29 Feb 2008 05:25:06 -0000
On Thu, 28 Feb 2008 00:07:49 -0500, CBFalconer wrote:
Micah Cowan wrote:
... snip ...
In short, I rarely want to truncate, and when I _do_, I rarely want to
do it naively (as strlcat() will do).
I'm not against its inclusion, I just think its utility has been _way_
overblown.
And what is the better result? If you want to remove the leading part
of the output string, you can do that. If you want to provide a larger
buffer, you can do that. If you want to truncate, you already did that.
If you want a real string library, you can do that. There are a couple
of usable ones to choose from[1]. If you want to write a string API, you
can do that too ... and if you are lucky, and have quite a bit of spare
time, you might get something useful out of it.
But don't pretend that strlcpy/strlcat constitute a usable alternative.
See:
http://www.and.org/vstr/security#stringapi
[1] http://www.and.org/vstr/comparison
--
James Antill -- james@xxxxxxx
C String APIs use too much memory? ustr: length, ref count, size and
read-only/fixed. Ave. 44% overhead over strdup(), for 0-20B strings
http://www.and.org/ustr/
.
- References:
- Bounds checking functions
- From: Aaron Hsu
- Re: Bounds checking functions
- From: ymuntyan
- Re: Bounds checking functions
- From: William Ahern
- Re: Bounds checking functions
- From: Micah Cowan
- Re: Bounds checking functions
- From: William Ahern
- Re: Bounds checking functions
- From: Micah Cowan
- Re: Bounds checking functions
- From: CBFalconer
- Bounds checking functions
- Prev by Date: Re: /*this meaningful?*/ #define CONST_INT(name, value) extern const int name
- Next by Date: Re: Is this code correct ?
- Previous by thread: Re: Bounds checking functions
- Next by thread: Re: Bounds checking functions
- Index(es):
Relevant Pages
|
|
