by wazoox 5269 days ago
> First, there's no need to be aggressive.

He isn't aggressive, he simply is the inimitable Zed Shaw :)

> The function has no way to detect this problem, so it's not even laziness.

His point: therefore you should not use this function, but strlcpy instead. Of course the K&R has the excellent excuse of predating about every alternative secure version of strcpy.

> Pascal strings embed the count within the string, but then you could forge a bogus pascal string with an incorrect size and trigger the same kind of problem.

I don't think that you could easily forge such a string using Pascal standard functions, but last time I wrote Pascal there was neither syntax highlighting in the editor nor hard drive in my PC.

Anyway, strlcpy should be immune, because it will truncate whatever string of bytes to the required length, see:

http://www.manpagez.com/man/3/strlcpy/

It doesn't preclude any implementation error (properly a bug), of course.
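
The truncation behaviour described in the comment above, as an added example that is not part of the original comment: a portable function following the contract in the strlcpy man page, plus a caller that detects truncation from the return value. The names `demo_strlcpy` and `copy_checked` are hypothetical, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* demo_strlcpy (hypothetical name): same contract as strlcpy(3).
 * Copies at most size-1 bytes, always NUL-terminates dst when size > 0,
 * and returns strlen(src) so the caller can tell whether it was cut. */
size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    /* Like strlcpy, this walks src to its terminator: src must be a
     * NUL-terminated string. Only the write to dst is bounded. */
    size_t srclen = strlen(src);

    if (size != 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Returns 0 when src fit in dst, -1 when it was truncated.
 * A return value >= size means the terminator did not fit. */
int copy_checked(char *dst, size_t size, const char *src)
{
    return demo_strlcpy(dst, src, size) >= size ? -1 : 0;
}

int main(void)
{
    char buf[8];
    /* Constructed inputs: 7 bytes fits, 8 bytes and longer do not. */
    const char *inputs[] = { "1234567", "12345678", "far too long" };

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = copy_checked(buf, sizeof buf, inputs[i]);
        printf("%-14s -> \"%s\" (%s)\n", inputs[i], buf,
               rc ? "truncated" : "ok");
    }
    return 0;
}
```

Silent truncation can itself be a bug when the string is a path or an identifier, which is why the caller checks the return value rather than ignoring it.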