The correct thing to do is to use memcpy and to know the size of both the destin... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

david2ndaccount 9 months ago | parent | context | favorite | on: Tony Hawk's Pro Strcpy

The correct thing to do is to use memcpy and to know the size of both the destination buffer and the source buffer. If the source buffer won’t fit, then you need to take an application-specific action (is truncation ok? do you have to abort the whole operation? Do you re-alloc the destination buffer? etc.) strncpy almost always does the wrong thing.

imron 9 months ago [–]

Agree with the general principle of knowing your buffer sizes, but the issue with memcpy (evidenced over many years with various CVEs) is that someone invariably takes a string length and forgets to plus one, leading to non-null-terminated strings.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact