>> I disagree, check the size before calling strcpy. If you want to
>> avoid security risk you also have to check the output of strlcpy
>> to detect truncations, so you don't win anything. In both cases
>> you have to add a comparison, so it is better to use strcpy, which
>> is standard.
>
> Good luck with that.
You should read this:
http://sourceware.org/ml/libc-alpha/2002-01/msg00147.html
The full thread is really interesting. Saying that strcpy is insecure
is the same as saying that any pointer or array index is insecure
because you can write out of bounds.
If you know the size of the array then why don't you use memcpy
directly?
Regards,
Received on Fri Nov 07 2014 - 11:27:35 CET