2010.07.08 16:25 "[Tiff] strlcpy vs strncpy", by Bob Friesenhahn

2010.07.11 14:35 "Re: [Tiff] strlcpy vs strncpy", by Bob Friesenhahn

and I think on recent Solaris.

Yes (checked Solaris 10 10/09).

It was added in Solaris 8 (released February 2000)

It has been rejected by the glibc maintainer.

The glibc maintainer is strongly opinionated and rejects many useful things. That is one reason why glibc became forked. :-)

A nice thing I find about strlcpy/strlcat is that on Windows, the Visual Studio compiler does not know about these functions and so it does not warn that they are insecure. Use of most stdio I/O and string functions causes security warnings (by default) with modern MSVC.

Albert Cahalan's comment about some strings being stored in a fixed size space with no assurance of null termination is a good one. This is common for strings stored in file formats. It would not be wise to replace string functions willy-nilly without proper understanding of how each string may be composed and used.

Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/