LibTiff Mailing List

On Sun, 11 Jul 2010, Toby Thain wrote:
>> and I think on recent Solaris.
>
> Yes (checked Solaris 10 10/09).

It was added in Solaris 8 (released February 2000)

>> It has been rejected by the glibc maintainer.

The glibc maintainer is strongly opinionated and rejects many useful 
things.  That is one reason why glibc became forked. :-)

A nice thing I find about strlcpy/strlcat is that on Windows, the 
Visual Studio compiler does not know about these functions and so it 
does not warn that they are insecure.  Use of most stdio I/O and 
string functions causes security warnings (by default) with modern 
MSVC.

Albert Cahalan's comment about some strings being stored in a fixed 
size space with no assurance of null termination is a good one.  This 
is common for strings stored in file formats.  It would not be wise to 
replace string functions willy-nilly without proper understanding of 
how each string may be composed and used.

Bob
-- 
Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/


AWARE [SYSTEMS]		Imaging expertise for the Delphi developer
		TIFF and LibTiff Mailing List Archive
	LibTiff Mailing List TIFF and LibTiff Mailing List Archive July 2010 Previous Thread Next Thread Previous by Thread Next by Thread Previous by Date Next by Date Contact The TIFF Mailing List Homepage This list is run by Frank Warmerdam Archive maintained by AWare Systems	Thread 2010.07.08 16:25 "strlcpy vs strncpy", by Bob Friesenhahn 2010.07.08 18:03 "Re: strlcpy vs strncpy", by Lee Howard 2010.07.08 18:06 "Re: strlcpy vs strncpy", by Olivier Paquet 2010.07.11 17:36 "Re: strlcpy vs strncpy", by Edward Lam 2010.07.12 19:30 "strncpy in tiffcrop", by Richard Nolde 2010.07.12 20:31 "Re: strncpy in tiffcrop", by Edward Lam 2010.07.10 11:04 "Re: strlcpy vs strncpy", by Albert Cahalan 2010.07.10 13:27 "Re: strlcpy vs strncpy", by Kevin Myers 2010.07.10 13:50 "Re: strlcpy vs strncpy", by Bob Friesenhahn 2010.07.11 07:34 "Re: strlcpy vs strncpy", by Albert Cahalan 2010.07.11 08:06 "Re: strlcpy vs strncpy", by Toby Thain 2010.07.11 14:35 "Re: strlcpy vs strncpy", by Bob Friesenhahn 2010.07.10 13:39 "Re: strlcpy vs strncpy", by Bob Friesenhahn 2010.07.11 08:18 "Re: strlcpy vs strncpy", by Albert Cahalan 2010.07.11 16:35 "Re: strlcpy vs strncpy", by Bob Friesenhahn 2010.07.12 17:34 "Re: strlcpy vs strncpy", by Dmitry V Levin 2010.07.12 18:13 "Re: strlcpy vs strncpy", by Bob Friesenhahn 2010.07.11 14:35 "Re: strlcpy vs strncpy", by Bob Friesenhahn On Sun, 11 Jul 2010, Toby Thain wrote: >> and I think on recent Solaris. > > Yes (checked Solaris 10 10/09). It was added in Solaris 8 (released February 2000) >> It has been rejected by the glibc maintainer. The glibc maintainer is strongly opinionated and rejects many useful things. That is one reason why glibc became forked. :-) A nice thing I find about strlcpy/strlcat is that on Windows, the Visual Studio compiler does not know about these functions and so it does not warn that they are insecure. Use of most stdio I/O and string functions causes security warnings (by default) with modern MSVC. Albert Cahalan's comment about some strings being stored in a fixed size space with no assurance of null termination is a good one. This is common for strings stored in file formats. It would not be wise to replace string functions willy-nilly without proper understanding of how each string may be composed and used. Bob -- Bob Friesenhahn bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/ GraphicsMagick Maintainer, http://www.GraphicsMagick.org/

LibTiff Mailing List

Thread

2010.07.11 14:35 "Re: strlcpy vs strncpy", by Bob Friesenhahn