[PATCH] Remove clobber_region() etc
abartlet at samba.org
Tue Mar 22 04:23:23 MDT 2011
On Tue, 2011-03-22 at 19:32 +1100, Andrew Bartlett wrote:
> On Tue, 2011-03-22 at 08:27 +0100, Volker Lendecke wrote:
> > That's scary indeed. And Coverity does not like it. I think
> > strlcpy is a much better API which is a lot less
> > error-prone. I see the point to check if the target is the
> > right size, but strcpy from my point of view could just go
> > away.
> Why does Coverity not like it? The weird macro stuff can be avoided as
> long as their compile doesn't define
> > Just brainstorming: Is it possible to have a macro around
> > strlcpy that finds the target size automatically and is only
> > usable for static or stack-allocated arrays?
> I certainly think I could add a checked_strlcpy(). We could use it
> alongside strlcpy(), with the developer choosing to use the checked or
> unchecked variant, rather than the compiler guessing.
> The big advantage of this is that the semantics would be well defined,
> being only checks in addition to strlcpy(), and we would not abuse the
> 'safe' prefix that we keep adding to functions that can still be quite
> unsafely used.
> (a grep of the tree for safe_strcpy() shows a scary number of calls to
> strlen() and similar things - these may all be perfectly OK, but it
> illustrates that calling a macro or function 'safe' doesn't make the
> unsafe safe).
Attached are my revised patches, before I call it a night. I think I've
made the safe_string.h functions easier to handle.
I've also added the checked_strlcpy(), but once you start looking there
are precious few places we can use it. Even the example I converted to
show it works should be rewritten - it shows why the clobber_region just
caused trouble and as far as I can see should have been just
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
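As an added illustration of the checked_strlcpy() idea discussed above (example code written for this page, not a Samba patch and not Samba's own safe_string.h): a local strlcpy with OpenBSD semantics, a checked_strlcpy() macro that takes the destination size from sizeof() and refuses to compile when the destination has decayed to a pointer, and a canary check showing that the checked copy stays inside the array. It assumes gcc or clang, because it relies on __typeof__, __builtin_types_compatible_p and statement expressions; my_strlcpy, IS_CHAR_ARRAY, struct entry, set_entry_name and copy_to_buffer are names invented here.

```c
/* Added example for this page (not Samba code). Assumes gcc or clang. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local strlcpy (OpenBSD semantics): copy at most size-1 bytes, always
 * NUL-terminate when size > 0, and return strlen(src). A return value
 * >= size therefore means the copy was truncated. Named my_strlcpy so
 * it does not clash with a libc that already ships strlcpy. */
static size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);

    if (size > 0) {
        size_t n = (srclen < size - 1) ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Integer constant expression that is 1 only when x is still a real
 * char array (so sizeof(x) is the buffer size) and 0 when it is a
 * char pointer, including an array parameter that has decayed. */
#define IS_CHAR_ARRAY(x) \
    (!__builtin_types_compatible_p(__typeof__(x), char *) && \
     !__builtin_types_compatible_p(__typeof__(x), const char *))

/* checked_strlcpy(dst, src): strlcpy whose size argument is derived from
 * the destination itself; the build fails if dst is not an array. */
#define checked_strlcpy(dst, src) ({                                      \
    _Static_assert(IS_CHAR_ARRAY(dst),                                    \
                   "checked_strlcpy: dst must be a char array, not a pointer"); \
    my_strlcpy((dst), (src), sizeof(dst));                                \
})

#define CANARY 0xA5A5A5A5u

struct entry {
    char name[16];
    unsigned canary;   /* sits right after name[] to detect an overrun */
};

/* Copy src into e->name. Returns 0 on success, 1 if src was truncated,
 * -1 if the canary after the buffer was overwritten (never, here). */
static int set_entry_name(struct entry *e, const char *src)
{
    size_t len;

    e->canary = CANARY;
    /* e->name is an array member, so sizeof(e->name) == 16 and this compiles. */
    len = checked_strlcpy(e->name, src);

    if (e->canary != CANARY)
        return -1;
    return (len >= sizeof(e->name)) ? 1 : 0;
}

/* The same copy through a pointer parameter. sizeof(dst) would be the
 * size of a pointer, so checked_strlcpy() refuses to compile and the
 * caller has to pass the real size: this is the unchecked variant.
 * Returns 1 on truncation, 0 otherwise. */
static int copy_to_buffer(char *dst, size_t dstsize, const char *src)
{
    /* checked_strlcpy(dst, src);   <-- build error: dst is a pointer */
    return (my_strlcpy(dst, src, dstsize) >= dstsize) ? 1 : 0;
}

int main(void)
{
    struct entry e;
    char stack_buf[8];
    int rc;

    rc = set_entry_name(&e, "root");
    printf("short: rc=%d name=\"%s\"\n", rc, e.name);

    rc = set_entry_name(&e, "a-name-longer-than-16");
    printf("long:  rc=%d name=\"%s\"\n", rc, e.name);

    rc = copy_to_buffer(stack_buf, sizeof(stack_buf), "ABCDEFGHIJ");
    printf("ptr:   rc=%d buf=\"%s\"\n", rc, stack_buf);
    return 0;
}
```

The point the thread makes shows up in copy_to_buffer(): any function that receives its buffer as a pointer, including a `char buf[]` parameter, cannot use the checked macro at all and must fall back to passing the size by hand, which is why so few call sites end up being convertible. The canary in struct entry is only a demonstration aid; the real guarantee comes from sizeof(dst) being the true array size at the point of the call.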