On Tue, 10 Jan 2017 08:56:46 +0100 (CET)
git_AT_suckless.org wrote:
Hey Roberto,
> All the buffers related to files have FILENAME_MAX size, so it is
> impossible to have any buffer overrun.
I consider this way of thinking harmful, because it involves
assumptions about the code that are met in a different location. In
case FILENAME_MAX is changed to some strange value, this entire
building of thought breaks together.
There's no reason not to use strlcpy, as it saves you from buffer
overruns and other things. Nobody can possibly guarantee that some evil
input has a non-null-terminated fname and we write to savfname without
bounds.
As Dimitris likes to say, programs spend 99% with I/O, so this
"optimization" here won't make a difference. Premature optimization is
the root of all evil, and given we get strlcpy() for free from libutil,
I strongly suggest we keep the usage here.
Cheers
Laslo
--
Laslo Hunhold <dev_AT_frign.de>
Received on Tue Jan 10 2017 - 12:47:34 CET