| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by Bilgus_sugliB 1146 days ago

The code in that blog article has a bug in it that I reported to the author like 6 months ago and hasn't fixed

it should be

  char *strxcpy(char *restrict dst, const char *restrict src, size_t len)
  {
    char *end = memccpy(dst, src, '\0', len);
    if (!end && len > 0) { dst[len - 1] = '\0';}
    return end;
  }

Not the end of the world but just another subtly bugged implementation..

This illustrates the issue..

Notice in the code below how it wipes out the dest string at char 0 when we supply buf[1]

if we didn't supply buf[1] the zero gets written at buf[size_t_max]

  #include <stdio.h>
  #include "string.h"

  char *strxcpy(char *restrict dst, const char *restrict src, size_t len) {
   char *end = memccpy(dst, src, '\0', len);
   if (!end) { dst[len - 1] = '\0';}
   return end;
   }

  int main()
  {
      char buf[3] = "??";
      printf("Hello World%s", buf);
      strxcpy(&buf[1], "test", 0);
      printf("Hello World%s", buf);

      return 0;
  }

1 comments

quietbritishjim 1146 days ago

Even without this, I don't think the claim that "memccpy() comes relatively close" to safe string manipulation can be taken seriously if it doesn't even null terminate the destination. That's a pretty core requirement.

(I mean, of course it doesn't null terminate given its intended usage, but that's what it would need for that claim.)

link