> There's no known way to exploit system by memcpy. If there is, why
> not _DIAGNOSTIC enabled by default?

An Apache exploit targetting BSDs used memcpy() in Apache.
memcpy() and memmove() can be used for exploits if some
conditions are met.

> Unless there's a better reason to have _DIAGNOSTIC there, I'm going to 
> get rid of it.

I think it is ok because the current check hardly helps
practical users.

-- 
TAMURA Kent <kent2002@hauN.org> <kent@netbsd.org>