buffer overflow and snprintf/strlcpy
Werner Koch
wk at gnupg.org
Wed Nov 29 11:18:06 CET 2006
On Tue, 28 Nov 2006 17:21, ca+gnupg-devel at esmtp.org said:
> I probably misunderstand you, but snprintf() and strlcpy() behave
> the same in that matter, don't they?
Depends on the format string. A format is often too complex to easily
figure out a maximum length.
> If you are sure that the "dst" string is large enough for a strcpy()
> function than you may as well use an assertion after a strlcpy()
> to let the code check that you were right.
If I am sure I don't need an assert ;-)
But then I can also use a simple loop which makes testing for a
premature terminatiion much easier. But it is not that expressive.
Shalom-Salam,
Werner
More information about the Gnupg-devel
mailing list