On Thu, Jan 20, 2000 at 08:27:05AM +1100, Michael Stockman wrote:
> safe_strcpy is not very safe. It seems that it writes 1 char longer
> than maxlen, which is bad if the buffer isn't that long. Example of
> bad but common usage:
>
> pstring str;
> safe_strcpy( str, "Hello world", sizeof(str) );
>
> This may cause a SIGSEGV!

Unfortunately safe_strcpy was designed to replace an
interface that expected maxlen not to include the terminating
zero (it explicitly says this in the interface definition).
I am not happy about it, but it was designed to fit into
the existing code (which was written to expect this property).
It is safe given its interface definition, just not very intuitive.
In the UNICODE Samba re-write I am fixing these bad assumptions.

Regards,
Jeremy Allison,
Samba Team.
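
The interface convention discussed in this exchange, as an added example that is not part of the original message and is not Samba's code: copy_maxlen_excl is a hypothetical function modelling a contract where maxlen excludes the terminating zero, and the 8-byte buffer, guard byte and helper names are constructed for illustration. The buffer is backed by one extra byte of storage so the write past its end can be observed without undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 8      /* size of the caller's logical buffer (constructed) */
#define GUARD   0x5A   /* canary byte placed just past the buffer */

/* Hypothetical model of the contract described above: maxlen counts
 * characters only, so up to maxlen + 1 bytes are written to dest. */
char *copy_maxlen_excl(char *dest, const char *src, size_t maxlen)
{
    size_t len = strlen(src);
    if (len > maxlen)
        len = maxlen;          /* truncate to maxlen characters */
    memcpy(dest, src, len);
    dest[len] = '\0';          /* terminator lands at index maxlen at worst */
    return dest;
}

/* Copy src into an 8-byte buffer backed by 9 bytes of storage.
 * Returns 1 if the byte just past the buffer was overwritten. */
int guard_clobbered(const char *src, size_t maxlen)
{
    char storage[BUF_LEN + 1];
    memset(storage, GUARD, sizeof(storage));
    copy_maxlen_excl(storage, src, maxlen);
    return storage[BUF_LEN] != GUARD;
}

/* Length of the string actually stored for a given maxlen. */
size_t stored_len(const char *src, size_t maxlen)
{
    char storage[BUF_LEN + 1];
    memset(storage, GUARD, sizeof(storage));
    copy_maxlen_excl(storage, src, maxlen);
    return strlen(storage);
}

int main(void)
{
    const char *s = "Hello world";   /* 11 chars, longer than the buffer */
    printf("maxlen = sizeof(buf):     clobbered=%d\n", guard_clobbered(s, BUF_LEN));
    printf("maxlen = sizeof(buf) - 1: clobbered=%d stored=%zu\n",
           guard_clobbered(s, BUF_LEN - 1), stored_len(s, BUF_LEN - 1));
    return 0;
}
```

Under this contract the caller passes sizeof(buf) - 1; a short source such as "Hi" never reaches the guard byte, which is why the sizeof(buf) call pattern can go unnoticed until a long input arrives.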