Subject: Re: CVS commit: src/sys/kern
To: Jaromir Dolecek <jdolecek@netbsd.org>
From: Perry E. Metzger <perry@piermont.com>
List: source-changes
Date: 05/16/2003 22:37:56
Jaromir Dolecek <jdolecek@netbsd.org> writes:
> Contrary to this, I agree with Matt. Please don't do a wholesale replacement
> of strcpy() with strlcpy() - it's slower, sometimes very significantly,
> since strcpy() is normally implemented in assembler. Furthermore,
> gcc can optimize strcpy(), but cannot optimize strlcpy().
> 
> Do not do random (and even less wholesale) replace of strcpy()/strcat()
> with strl*().
> 
> I do think it would be good to migrate from strn*() to
> strl*() however.  The strl*() API is less prone to programming
> mistakes than strn*().

Long term, I think that it is best to replace most non-speed-critical
uses of strcpy with strlcpy to prevent accidents when people change
code later on. I've seen too many programming accidents in which
people made changes to seemingly safe uses and caused buffer overflow
errors.

That said, I agree that replacing things "randomly" wouldn't be good
-- we should start with the strn* functions and then convert others in
a well considered manner.

Perry
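The point both posters agree on, that strn*() is the error-prone API and strl*() the safer one, comes down to two differences: strncpy() does not NUL-terminate when the source fills the buffer, and it gives the caller no way to notice truncation. The following C example is added by the editor to illustrate that and is not code from the thread or from the NetBSD tree; my_strlcpy() is a portable reimplementation of the documented strlcpy(3) semantics (copy at most dstsize-1 bytes, always terminate, return strlen(src)), given its own name so it builds on systems whose libc lacks strlcpy(). The helper names strncpy_leaves_unterminated() and copy_checked() and the sample strings are the editor's own.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Portable reimplementation of strlcpy(3) semantics (editor's own, not libc):
 * copies at most dstsize-1 bytes, always NUL-terminates when dstsize > 0,
 * and returns strlen(src) so the caller can compare it against dstsize
 * to detect truncation. */
size_t my_strlcpy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);

    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* The classic strncpy() mistake: strncpy(buf, s, sizeof buf) leaves buf
 * without a terminating NUL whenever strlen(s) >= sizeof buf, so a later
 * strlen()/printf() on buf reads past its end.  Returns 1 if dst ended up
 * unterminated, 0 if strncpy() happened to pad it with NULs. */
int strncpy_leaves_unterminated(const char *src, char *dst, size_t dstsize)
{
    strncpy(dst, src, dstsize);
    return memchr(dst, '\0', dstsize) == NULL;
}

/* The strlcpy() idiom: dst is always terminated, and the return value tells
 * us whether the whole string fit.  Returns 0 on a complete copy, -1 if the
 * result was truncated (the caller can then reject or enlarge). */
int copy_checked(char *dst, size_t dstsize, const char *src)
{
    size_t need = my_strlcpy(dst, src, dstsize);
    return need < dstsize ? 0 : -1;
}

int main(void)
{
    char buf[8];   /* deliberately small: "exactly8" does not fit with its NUL */

    /* Constructed inputs for the demonstration. */
    printf("strncpy \"exactly8\" into char[8]: unterminated=%d\n",
           strncpy_leaves_unterminated("exactly8", buf, sizeof buf));
    printf("strncpy \"short\"    into char[8]: unterminated=%d\n",
           strncpy_leaves_unterminated("short", buf, sizeof buf));

    printf("strlcpy \"short\"    -> rc=%d buf=\"%s\"\n",
           copy_checked(buf, sizeof buf, "short"), buf);
    printf("strlcpy \"exactly8\" -> rc=%d buf=\"%s\"\n",
           copy_checked(buf, sizeof buf, "exactly8"), buf);
    return 0;
}
```

The reason the strl*() form survives later edits better, which is Perry's concern about "seemingly safe uses", is visible in copy_checked(): the size argument is the destination size and nothing else, the buffer is terminated regardless of input, and truncation is a return value rather than a silent state the next strcat() or printf() has to discover.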