by hnbroseph 2468 days ago
can you be more specific about these practices?

What ufo said

> implements strcpy as `while(dst++ = dst++);`

The book is full of stuff like that.

Doesn't strcpy always have that issue? The terseness is one issue, but the security problem is that it implements strcpy at all without warning.
You tend to get warnings to use the _s versions of some functions (strcpy_s in this case) these days.
I just tried (with gcc 9.2.1), and got no warning. As far as I know, these _s versions aren't that good, and often aren't available at all; see http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1967.htm which says among other things

"[...] none of the popular Open Source distribution such as BSD or Linux has chosen to make either available to their users. At least one (GNU C Library) has repeatedly rejected proposals for inclusion [...]"

"[...] As a result of the numerous deviations from the specification the Microsoft implementation cannot be considered conforming or portable."

"often aren't available at all"

It's in C11. Perhaps Red Hat use non-compliant compilers, or very, very old ones?

It's an optional part of C11, which means that even a fully compliant compiler does not have to implement them.
strcpy_s has no manual entry on Ubuntu, while "man strcpy" and "man strncpy" work as expected.

Why would that be?
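Since the thread turns on Annex K being an optional part of C11, here is an added example (not code from any commenter) of detecting it at compile time through the standard `__STDC_LIB_EXT1__` macro and falling back to a bounded copy that rejects truncation. The names `have_annex_k` and `copy_checked` are hypothetical.

```c
#define __STDC_WANT_LIB_EXT1__ 1   /* must come before <string.h> to request Annex K */
#include <stdio.h>
#include <string.h>

/* Returns 1 if the C library advertises Annex K (strcpy_s etc.), 0 otherwise. */
int have_annex_k(void)
{
#ifdef __STDC_LIB_EXT1__
    return 1;
#else
    return 0;
#endif
}

/* Hypothetical helper: copy src into dst, whose capacity is dstsz bytes
 * including the terminator. Returns 0 on success, -1 on bad arguments or
 * when src does not fit; on a failed fit dst is left as an empty string. */
int copy_checked(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || dstsz == 0 || src == NULL)
        return -1;
#ifdef __STDC_LIB_EXT1__
    /* A violation first invokes the installed runtime-constraint handler,
     * whose default behaviour is implementation-defined. */
    if (strcpy_s(dst, dstsz, src) != 0) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
#else
    size_t n = 0;
    while (n < dstsz && src[n] != '\0')   /* bounded length scan */
        n++;
    if (n == dstsz) {                     /* src plus terminator does not fit */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);              /* n + 1 <= dstsz, includes '\0' */
    return 0;
#endif
}

int main(void)
{
    char buf[8];
    printf("Annex K: %d, fits: %d, too long: %d\n", have_annex_k(),
           copy_checked(buf, sizeof buf, "short"), copy_checked(buf, sizeof buf, "12345678"));
    return 0;
}
```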