[pif]

> The problem with strlcat and strlcpy is that they assume that it's okay to arbitrarily discard data for the sake of preventing a buffer overflow. The buffer overflow may be prevented, but because data may have been discarded, the program is still incorrect. This is roughly analogous to clamping floating point overflow to DBL_MAX and merrily continuing in the calculation.

He was not that wrong!

[oersted]

Just to be clear, someone else wrote that response. It's unclear if the maintainer had the same thought process. They probably did to be fair, but the fact that they decided to throw an incoherent tantrum instead is not very helpful.

[johhnylately535]

I believe the responder is here on HN as kazinator. I remember him from back in the day.

[WD-42]

Wow so “Linux didn’t get it for 25 years because the glibc maintainer is a jerk” is an oversimplification??? Shocking.

[cornstalks]

That argument sounds totally wrong because you can easily detect truncation:

    if (strlcpy(dst, src, dst_len) >= dst_len) {
      // Truncation!
    }

[patrakov]

The argument is also totally wrong because the whole point of strlcpy is to copy the string and, if it fails, calculate the amount of storage that was really required, without making two passes over the data that does fit. The fact that the too-small buffer is overwritten with a truncated copy of a string is just a side effect.

[cl0ckt0wer]

Don't let perfect be the enemy of good

[Groxx]

Making changes to ultra-core stuff like glibc is not really a "move fast and break things" area.

[IshKebab]

Nor is it a "never change" area. At least it shouldn't be.

[rendaw]

Isn't the point that it's harder to use those interfaces wrong then the null terminator stuff?

[CamperBob2]

Eh, to be fair, if doubles are overflowing past DBL_MAX, things went off the rails in your code quite some time ago, and it doesn't much matter what the exact overflow behavior is.

A better example would be signed integer overflow, which a conspiracy of spec authors who don't work in the real world and compiler maintainers with a perverse sense of humor have decided means "Anything goes."