Yes, I do. It's difficult to turn abort() into an escalation-of-privilege. In a well-written program, you never get to the abort() call because you've already checked the length of the input string and done something sensible, which is rarely to just truncate it.
> Clue: it's not.
I'm glad we're civil around here.
> If mandatory checks are what you want, use something like electric fence, -D_FORTIFY_SOURCE, or, best of all, a managed language!
Programs can't run normally under electric fence. -D_FORTIFY_SOURCE is nice, but it only works when the compiler knows the size of the destination buffer. Sometimes it doesn't, but you do, and you can tell the compiler about the destination buffer. strcpy_s isn't a substitute for length checks; as I mentioned in my first post, you can use strncpy_s to tell the compiler (and your reviewer!) explicitly that you want string truncation. strcpy_s ensures that if you _do_ screw up, your program fails in an obvious and controlled fashion instead of veering off into exciting undefined behavior. -D_FORTIFY_SOURCE can't make the same guarantees in all cases.
> strcpy_s is about as useful as a screen door on a submarine.
It'd reflect better on you if you used metaphors that had some relationship to your argument.
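The distinction the commenter draws (a bounded copy that fails closed, versus a copy where truncation is the explicitly requested outcome, versus a length check done before any copy at all) can be seen in running code. The block below is an added example, not code from the comment author or from LWN. Because glibc does not ship C11 Annex K, `strcpy_s` and `strncpy_s` are not called directly; `copy_checked` and `copy_truncate` are hand-written stand-ins that follow the same contract (the caller passes the destination size) but report failure through a return value instead of a constraint handler. `accept_name`, `copy_checked`, `copy_truncate` and the sample inputs are all assumptions constructed for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: glibc does not provide Annex K, so the two functions below stand
 * in for strcpy_s and strncpy_s(..., _TRUNCATE). They take the destination
 * size from the caller, like the real functions, but signal failure with a
 * return code rather than by invoking a runtime constraint handler. */

/* strcpy_s-style copy: refuses, rather than truncates, when src will not fit.
 * On failure dst[0] is set to '\0', so a caller that ignores the return value
 * still does not consume stale or partial data. */
static int copy_checked(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || dstsz == 0)
        return EINVAL;
    if (src == NULL) {
        dst[0] = '\0';
        return EINVAL;
    }
    /* strnlen bounds the scan, so an unterminated src cannot run past dstsz. */
    size_t n = strnlen(src, dstsz);
    if (n >= dstsz) {
        dst[0] = '\0';
        return ERANGE;      /* would overflow: fail closed instead of guessing */
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* strncpy_s(..., _TRUNCATE)-style copy: truncation is the documented,
 * reviewer-visible intent, and the caller is told whether it happened. */
static int copy_truncate(char *dst, size_t dstsz, const char *src, int *truncated)
{
    if (dst == NULL || dstsz == 0 || src == NULL || truncated == NULL)
        return EINVAL;
    size_t n = strnlen(src, dstsz);
    *truncated = (n >= dstsz);
    if (*truncated)
        n = dstsz - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* The "well-written program" case: the length is checked before any copy and
 * oversized input is rejected outright. out is a pointer parameter, so
 * _FORTIFY_SOURCE cannot see its size here; passing outsz explicitly is what
 * makes a checked copy possible at all. The copy_checked() call is only a
 * backstop: if a later refactor breaks the length check, the program aborts
 * instead of overflowing. Returns 0 on accept, -1 on reject. */
static int accept_name(const char *input, char *out, size_t outsz)
{
    if (input == NULL || strnlen(input, outsz) >= outsz)
        return -1;                       /* too long: reject, do not truncate */
    if (copy_checked(out, outsz, input) != 0)
        abort();                         /* unreachable unless the check above regresses */
    return 0;
}

int main(void)
{
    char buf[8];  /* constructed sample destination buffer */
    int trunc;

    printf("checked 'short': rc=%d buf='%s'\n",
           copy_checked(buf, sizeof buf, "short"), buf);
    printf("checked 'too long!!': rc=%d buf='%s'\n",
           copy_checked(buf, sizeof buf, "too long!!"), buf);
    printf("truncate 'too long!!': rc=%d trunc=%d buf='%s'\n",
           copy_truncate(buf, sizeof buf, "too long!!", &trunc), trunc, buf);
    printf("accept 'alice': %d\n", accept_name("alice", buf, sizeof buf));
    printf("accept 'bartholomew': %d\n", accept_name("bartholomew", buf, sizeof buf));
    return 0;
}
```

The point of `accept_name` is the ordering: the length check comes first and decides policy (reject), while the bounded copy is there only so that a regression in that check produces a visible abort rather than silent memory corruption. `copy_truncate` exists for the cases where truncation really is the intended behaviour, and its separate name plus the `truncated` out-parameter make that intent obvious to a reviewer.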
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds