On Fri, Nov 7, 2014 at 8:03 AM, <k0ga_AT_shike2.com> wrote:
>
>> - Rename volatile bool q = false; to "isrunning".
>
> is.* is a reserved name space, it is not to be used in external scope.
>
>
>> - Use the safer strlcpy or snprintf instead of strcpy().
>
> I disagree, check the size before calling strcpy. If you want to
> avoid security risks you also have to check the output of strlcpy
> to detect truncations, so you don't win anything. In both cases
> you have to add a comparison, so it is better to use strcpy, which
> is standard.
>
It's easy to make mistakes using just strcpy(), and strncpy() also
isn't safe in some subtle cases. Read up about the exact differences
here:
http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy
Received on Fri Nov 07 2014 - 11:07:40 CET