stpcpy, stpncpy, wcpcpy, wcpncpy in lib C [PSARC/2009/084 Self Review]
James Carlson
james.d.carlson at sun.com
Tue Feb 10 05:02:57 PST 2009
Casper Dik writes:
> char *stpcpy(char *restrict s1, const char *restrict s2);
> char *stpncpy(char *restrict s1, const char *restrict s2, size_t n);
> wchar_t *wcpcpy(wchar_t restrict *ws1, const wchar_t *restrict ws2);
> wchar_t *wcpncpy(wchar_t restrict *ws1, const wchar_t *restrict ws2, size_t
> n);
The lint maintainers be notified so that they can add stpcpy and
wcpcpy to their list of security-questionable functions warned about
via -errsecurity. (At least file an RFE.)
This looks to me like a standards-related blunder. "stpncpy" and
"wcpncpy" functionality (strncpy-like zero pad to end of the buffer,
*and* leaving full destination buffers unterminated) doesn't seem to
make much sense in this context.
I think it's a shame they didn't do stplcpy and wcplcpy instead. Do
we have anyone involved in the standards process who could add
comments?
Apart from that, big sigh, nose held, and +1.
--
James Carlson, Solaris Networking <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
More information about the opensolaris-arc
mailing list