david2ndaccount's comments

Use memcpy and do the size check yourself beforehand (taking the appropriate action if it doesn’t fit). Avoid any function starting with str except for strlen. Prefer pointer+length instead of relying on nul-terminated strings.


You mean strnlen.


The correct thing to do is to use memcpy and to know the size of both the destination buffer and the source buffer. If the source buffer won’t fit, then you need to take an application-specific action (is truncation ok? do you have to abort the whole operation? Do you re-alloc the destination buffer? etc.) strncpy almost always does the wrong thing.


Agree with the general principle of knowing your buffer sizes, but the issue with memcpy (evidenced over many years with various CVEs) is that someone invariably takes a string length and forgets to plus one, leading to non-null-terminated strings.
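The approach discussed in the comments above (memcpy with an explicit size check, pointer+length, a bounded length scan), as an added example that is not part of any comment in the thread. All type and function names are hypothetical, and the bounded scan uses standard `memchr` to do what `strnlen` does.

```c
#include <stddef.h>
#include <string.h>

/* Pointer+length view; all names here are hypothetical. */
typedef struct {
    const char *ptr;
    size_t len;               /* bytes, terminator not counted */
} StrView;

typedef enum { COPY_OK, COPY_TOO_BIG, COPY_BAD_ARG } CopyStatus;

/* Build a view over a buffer that may lack a terminator: scan at most
   cap bytes (what strnlen does, written with standard memchr). */
StrView view_bounded(const char *buf, size_t cap)
{
    const char *nul = buf ? memchr(buf, '\0', cap) : NULL;
    StrView v = { buf, buf ? (nul ? (size_t)(nul - buf) : cap) : 0 };
    return v;
}

/* Copy src into dst and terminate it. The terminator is accounted for in
   the check itself (len >= cap fails), so no caller has to remember "+1".
   On failure dst is left untouched and the caller picks the policy. */
CopyStatus copy_checked(char *dst, size_t dst_cap, StrView src)
{
    if (!dst || dst_cap == 0 || (!src.ptr && src.len))
        return COPY_BAD_ARG;
    if (src.len >= dst_cap)
        return COPY_TOO_BIG;
    if (src.len)
        memcpy(dst, src.ptr, src.len);
    dst[src.len] = '\0';
    return COPY_OK;
}

/* One possible policy for COPY_TOO_BIG: explicit truncation, reported
   to the caller instead of happening silently. Returns bytes copied
   (0 if dst is unusable). */
size_t copy_truncating(char *dst, size_t dst_cap, StrView src, int *truncated)
{
    StrView cut = src;
    if (dst_cap && cut.len >= dst_cap)
        cut.len = dst_cap - 1;
    if (truncated)
        *truncated = (cut.len != src.len);
    return copy_checked(dst, dst_cap, cut) == COPY_OK ? cut.len : 0;
}
```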


With a string literal it works, with a dynamic string it just gives an undefined reference error to eval.


I wrote a blogpost showing how you could do a similar thing in D with ImportC.

https://www.davidpriver.com/C-macro-reflection-in-D.html


Are there any compilers that insert nops between real instructions in debug builds to allow inserting a jump to code to evaluate the expression? Conditional breakpoints are so slow it’s usually faster to add an if with the condition and recompile.


If a program is not responding to ctrl-c, sometimes ctrl-\ (which sends SIGQUIT instead of SIGINT) can kill it.


In my experience, code reviews catch a lot of bugs. However, if you find yourself catching the same kind of bugs over and over again in review you should be finding ways to catch them automatically without involving a reviewer (static analysis, tests, linters, etc.)


Completely agree on utilizing static analysis as much as possible. My first instinct when finding an issue in a code review is to think, "could we have caught this with a <lint rule> of some kind?"


Feels like many of these features should just be built into the browser. Why can’t the browser assemble a table of contents based on header hierarchy? Isn’t that the point of the number in h1-h6? Why aren’t elements with ids easy to link to by default? Add a “copy-link-to” to the standard context menu in the browser. Etc.


It feels like browsers over the decades have moved away from catering to power users.

Is something like Arc moving back? Without having used it (I plan to at some point), I've heard that at least its tab management seems catered towards "professional browser users".

I like the way Cory Doctorow puts it in this piece:

> A web browser that's a "user agent" is a comforting thought. An agent's job is to serve you and your interests. When you tell it to fetch a web-page, your agent should figure out how to get that page, make sense of the code that's embedded in it, and render the page in a way that represents its best guess of how you'd like the page seen.

https://pluralistic.net/2024/05/07/treacherous-computing/#re...


You could expand the number of lanes on I15 (like it is on the Nevada side) for a small fraction of what this project would cost.


