Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: using "(void)" casts to purposefully ignore return values

Quoting Joerg Sonnenberger <> (Thu, 25 Aug 2011
05:00:08 +0200):

> On Thu, Aug 25, 2011 at 09:54:05AM +0930, Brett Lymn wrote:
> > On Wed, Aug 24, 2011 at 04:11:52PM +0200, Joerg Sonnenberger wrote:
> > > > 
> > > > Nope, someone has not read the strlcat man page closely enough.
> > > > If you screw up in just the right way strlcat WILL NOT null
> > > > terminate a string.
> > > 
> > > You are mixing up strncat and strlcat. The former doesn't
> > > NUL-terminate, the latter does explicitly in all but one case
> > > (n==0).
> > > 
> > 
> > I repeat.  Someone has not read the strlcat man page properly.
> > Seriously.  The belief that strlcat will always nul terminate is
> > wrong.
> strlcat preserves NUL-termination in all cases. It is not intended for
> truncation of input. This is contrary to strncat, which is just as
> insane as strncpy in that regard.

I know nothing about this, but just to stop the discussion from
devolving into a flame war, I'll point out that the bit of strlcat(3)
being referred to is probably this one:

    Note however, that if strlcat() traverses size characters without
    finding a NUL, the length of the string is considered to be size and
    the destination string will not be NUL-terminated (since there was
    no space for the NUL).  This keeps strlcat() from running off the
    end of a string.  In practice this should not happen (as it means
    that either size is incorrect or that dst is not a proper ``C''
    string). The check exists to pre- vent potential security problems
    in incorrect code.

Ian D. Leroux

Home | Main Index | Thread Index | Old Index