Bugtraq mailing list archives

Re: strcpy versus strncpy

From: j-zbiciak1 () ti com (Joe Zbiciak)
Date: Tue, 3 Mar 1998 01:25:06 -0600


'Dean Gaudet' said previously:
|
| You forgot:
|
| 4. strncpy is required to zero-fill the entire destination, which can be
| quite a performance pig if the destination is big and the strncpy is
| executed frequently.

and

5. strncpy may not zero-terminate the resulting string, leading to other
   interesting problems if you don't ensure that the resulting string
   is zero terminated yourself.

(AT&T SVR4 had a lot of bugs in this vein regarding utmp, since their
utmp structure only allowed 8 characters for login names.  If you had
an 8 character login name, programs like "who" would show garbage after
the login name because they'd assume that ut_user[] was zero terminated
when it isn't necessarily.)

Regards,

--Joe

--
 +----------- Joseph Zbiciak ----------+  Eliminate idle cycles!
 | - - - -  j-zbiciak1 () ti com  - - - - |  http://www.distributed.net/
 |- http://www.primenet.com/~im14u2c/ -|
 | - - -Texas Instruments, Dallas- - - |  "I feel as much like I did
 +-----#include "std_disclaimer.h"-----+   yesterday as I do today."

Current thread:

strcpy versus strncpy Morten Welinder (Mar 02)
- Re: strcpy versus strncpy Dean Gaudet (Mar 02)
  - Re: strcpy versus strncpy Joe Zbiciak (Mar 02)
- Re: strcpy versus strncpy Daniel Reed (Mar 02)
  - Re: strcpy versus strncpy Kragen (Mar 03)
    - Re: strcpy versus strncpy Wietse Venema (Mar 03)
  - Re: strcpy versus strncpy pedward () WEBCOM COM (Mar 03)
- Re: strcpy versus strncpy Aleph One (Mar 02)
- Re: strcpy versus strncpy sinster () DARKWATER COM (Mar 02)
  - Re: strcpy versus strncpy Nick Maclaren (Mar 03)
  - Re: strcpy versus strncpy Mark Walker (Mar 03)
- updatedb: sort patch Michael Ballbach (Mar 02)
- Re: strcpy versus strncpy Eivind Eklund (Mar 03)

(Thread continues...)