buffer overflow and snprintf/strlcpy

Werner Koch wk at gnupg.org
Wed Nov 29 11:18:06 CET 2006

On Tue, 28 Nov 2006 17:21, ca+gnupg-devel at esmtp.org said:

> I probably misunderstand you, but snprintf() and strlcpy() behave
> the same in that matter, don't they?

Depends on the format string.  A format is often too complex to easily
figure out a maximum length.

> If you are sure that the "dst" string is large enough for a strcpy()
> function than you may as well use an assertion after a strlcpy()
> to let the code check that you were right.

If I am sure I don't need an assert ;-)

But then I can also use a simple loop which makes testing for a
premature terminatiion much easier.  But it is not that expressive.



More information about the Gnupg-devel mailing list