[PATCH] Remove clobber_region() etc

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Mar 22 01:27:13 MDT 2011


On Tue, Mar 22, 2011 at 06:16:03PM +1100, Andrew Bartlett wrote:
> Certainly,
> 
> The outcome of the incredible macros in safe_string.h is that if you
> have:
> 
> char cmdstring[200];
> safe_strcpy(cmdstring, panic_action, sizeof(cmdstring));
> 
> This will fail to compile, until changed to:
> 
> char cmdstring[200];
> safe_strcpy(cmdstring, panic_action, sizeof(cmdstring) -1);
> 
> The macro uses some really, really scary code - testing at configure
> time that a function call will be optimised out and using the ? operator
> to test an expression using sizeof() the first argument.  
> 
> Why exactly it wants it to be sizeof(x)-1 I'm not sure, but that showed
> that the macro still works. 

That's scary indeed. And Coverity does not like it. I think
strlcpy is a much better API which is a lot less
error-prone. I see the point to check if the target is the
right size, but strcpy from my point of view could just go
away.

Just brainstorming: Is it possible to have a macro around
strlcpy that finds the target size automatically and is only
usable for static or stack-allocated arrays?

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
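One way to build the macro Volker asks about, added here as an illustration and not code from Samba or from anyone in this thread: a C11 `_Generic` selection whose only association is "pointer to a char array of exactly sizeof(dst) elements". For a real array `&(dst)` has that type, so the selection yields `sizeof(dst)` and that becomes the strlcpy size argument with no `-1` fiddling; for a `char *` the address is a `char **`, nothing matches, and the build fails. The names `ARRAY_STRLCPY`, `my_strlcpy` (a local stand-in for BSD strlcpy so the example builds on libcs without it) and `copy_into_small_buffer` are this example's own, not Samba identifiers.

```c
/* Added example (not Samba code): a strlcpy wrapper that takes the
 * destination size from the array type itself and refuses to compile
 * when the destination is a pointer rather than an array. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local stand-in for BSD strlcpy so the example builds where libc lacks
 * it (assumption: same contract as the OpenBSD original).  Copies at most
 * dstsize-1 bytes, always NUL-terminates when dstsize > 0, and returns
 * strlen(src) so the caller can detect truncation. */
static size_t my_strlcpy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize != 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* ARRAY_STRLCPY(dst, src): dst must be a char array of compile-time size.
 * The _Generic selection has one association, "pointer to char array of
 * sizeof(dst) elements".  For a char * the controlling expression &(dst)
 * is a char ** that matches nothing, so compilation fails.  For an array
 * it evaluates to sizeof(dst), which is passed as the full buffer size
 * (no -1: strlcpy reserves the NUL itself).  The controlling expression
 * of _Generic is not evaluated, so dst is evaluated exactly once. */
#define ARRAY_STRLCPY(dst, src) \
    my_strlcpy((dst), (src), \
               _Generic(&(dst), char (*)[sizeof(dst)]: sizeof(dst)))

struct copy_result {
    size_t src_len;   /* value returned by the copy, i.e. strlen(src) */
    size_t dst_len;   /* strlen of the buffer afterwards */
    int truncated;    /* nonzero when src did not fit */
};

/* Copy into a fixed stack buffer the way safe_strcpy() is used in the
 * thread, but with the size deduced from the array.  The buffer is kept
 * deliberately tiny so truncation is easy to exercise. */
static struct copy_result copy_into_small_buffer(const char *src)
{
    char cmdstring[8];
    struct copy_result r;

    r.src_len = ARRAY_STRLCPY(cmdstring, src);
    r.dst_len = strlen(cmdstring);            /* always NUL-terminated */
    r.truncated = r.src_len >= sizeof(cmdstring);
    return r;
}

/* This does not compile: p is a pointer, so &p is char ** and matches no
 * association in the _Generic selection.  Change #if 0 to #if 1 to see
 * the compiler reject it. */
#if 0
static void rejected_at_compile_time(char *p, const char *src)
{
    ARRAY_STRLCPY(p, src);
}
#endif

int main(void)
{
    struct copy_result r = copy_into_small_buffer("ls -la /tmp");
    printf("src_len=%zu dst_len=%zu truncated=%d\n",
           r.src_len, r.dst_len, r.truncated);
    return 0;
}
```

Two caveats a reviewer would raise: a variable-length array is rejected as well, because `_Generic` association types may not be variably modified, so the macro really is limited to arrays of static size; and on a pre-C11 compiler the same pointer-versus-array check can be done with GCC's `__builtin_types_compatible_p` and a negative array size, at the cost of portability.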


More information about the samba-technical mailing list