Re: [dev] [sbase] [patch] Fix warnings about strcpy() etc. on OpenBSD

From: Thorsten Glaser <>
Date: Thu, 15 Aug 2013 11:00:11 +0000 (UTC)

sin dixit:

> if(!(p = malloc(strlen(d->d_name)+1)))
> eprintf("malloc:");
>- strcpy(p, d->d_name);
>+ snprintf(p, strlen(d->d_name)+1, "%s", d->d_name);

I object. The better fix here is:

+ size_t sz;

- if(!(p = malloc(strlen(d->d_name)+1)))
+ if(!(p = malloc((sz = strlen(d->d_name)+1))))

+ memcpy(p, d->d_name, sz);

> if(len+1 > *size && !(*p = realloc(*p, len+1)))
> eprintf("realloc:");
>- strcpy(&(*p)[len-n], buf);
>+ snprintf(&(*p)[len-n], n+1, "%s", buf);

Again, I object… you do not calculate the length correctly.
Besides, this looks like a strlcat to me… if not, memcpy
might again be more wise; n+1 doesn’t match with len+1 from above.

> if(!(b->lines[b->nlines-1] = malloc(strlen(line)+1)))
> eprintf("malloc:");
>- strcpy(b->lines[b->nlines-1], line);
>+ snprintf(b->lines[b->nlines-1], strlen(line)+1, "%s", line);

snprintf invokes stdio… if the size is known, like in such
cases, use memcpy. And cache strlen(line) + 1 in a size_t.

Is not using spaces around operators normal for sbase, btw?
This is horrid. Please read
for something nicer-looking. (I used to do it wrong, too.)

> Hi, does anyone sell openbsd stickers by themselves and not packaged
> with other products?
No, the only way I've seen them sold is for $40 with a free OpenBSD CD.
	-- Haroon Khalid and Steve Shockley in gmane.os.openbsd.misc
Received on Thu Aug 15 2013 - 13:00:11 CEST

This archive was generated by hypermail 2.3.0 : Thu Aug 15 2013 - 13:12:06 CEST