Wireshark · Ethereal-dev: Re: [Ethereal-dev] strcpy harmful, what?

Ethereal-dev: Re: [Ethereal-dev] strcpy harmful, what?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Fri, 21 Oct 2005 15:29:12 -0700

Rich Coe wrote:

I think that replacing strcpy with a library function that (eventually)
calls strcpy (strncpy)

If any snprintf-like function calls strcpy() on %s strings, it's buggy,so that probably should be stated as "that (eventually) calls strncpy orstrlcpy". Replacing calls to strcpy() or strcat() is neither pointlessnor stupid unless the calls in question have done *correct* boundschecking already, and it's probably a bit error prone either to

1) require that the bounds checks be done correctly (as you have tocheck how much space is left in the string)


or even

	2) require that they be done at all.

One might argue that using strlcpy() and strlcat() would be better thanusing snprintf() or g_snprintf(); to do that, we'd have to supply ourown strlcpy() and strlcat() if the platform for which we're buildingdoesn't have them.

Now, in at least some cases, the function that arguably should *really*be used is proto_item_append_text()....

Follow-Ups:
- Re: [Ethereal-dev] strcpy harmful, what?
  - From: Andrew Hood

References:
- [Ethereal-dev] strcpy harmful, what?
  - From: Rich Coe
- Re: [Ethereal-dev] strcpy harmful, what?
  - From: ronnie sahlberg
- Re: [Ethereal-dev] strcpy harmful, what?
  - From: Rich Coe

Prev by Date: Re: [Ethereal-dev] Update to expert data
Next by Date: Re: [Ethereal-dev] Suggested expansion of Expert Statistics
Previous by thread: Re: [Ethereal-dev] strcpy harmful, what?
Next by thread: Re: [Ethereal-dev] strcpy harmful, what?
Index(es):
- Date
- Thread