bug-glibc

strncpy() bug?


From: William R. Pearson
Subject: strncpy() bug?
Date: Tue, 19 Jun 2001 19:30:06 -0400 (EDT)

I was surprised to find that on Linux (RH6.2, RH7.1) and Mac OSX systems,
the code:

  strncpy(str,sql_row[1],cnt-1);

  if (strlen(str) > cnt-1) {
    fprintf(stderr,"*** How can this happen? %d/%d\n",
            strlen(str),cnt-1);
  }

Frequently gives the result:

*** How can this happen? 58/54

(I do not believe I have ever seen an "overrun" greater than 4.)

Having discovered the problem, I find that it happens very reproducibly
in the program I am working on, on many different platforms using various
versions of gcc/glibc.

I find this very disturbing (and it certainly plays havoc with a subsequent
statement of the form: 

  strncat(str,more_chars,cnt-1-strlen(str));

when (strlen(str) > cnt-1)), but I wonder if some might not consider
it a bug because "safe strncpy()" needs:

  strncpy(str,sql_row[1],cnt-1);
  str[cnt-1]='\0';

Am I confused, or is the glibc strncpy() broken?

I see this with "gcc -g", "gcc -O", and "gcc -D__NO_STRING_INLINES".

Bill Pearson
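The behaviour the post describes, as an added example that is not part of the original message: strncpy() writes no terminator when the source is at least as long as its length argument, so strlen() runs on past the copied bytes, and the strncat() length computed from it wraps in size_t arithmetic. The buffer size, marker fill and sample string are constructed for the demonstration; the second pair of functions shows the explicit termination the post mentions beside a non-wrapping remaining-space computation.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CNT 10      /* constructed cnt, not the post's value */
#define BUF_LEN 64  /* real array size; cnt is what the code believes it has */

/* Fill dst with a visible marker and a terminator only at the very end, so an
   unterminated copy is observable without reading outside the array. */
static void fill_marker(char *dst, size_t len)
{
    memset(dst, 'X', len - 1);
    dst[len - 1] = '\0';
}

/* The post's pattern: strncpy(str, src, cnt-1) with no explicit terminator.
   When strlen(src) >= cnt-1, no '\0' is written, so strlen() keeps going. */
size_t copy_as_posted(char *str, size_t cnt, const char *src)
{
    fill_marker(str, BUF_LEN);
    strncpy(str, src, cnt - 1);
    return strlen(str);
}

/* The "safe strncpy()" from the post: same copy, then str[cnt-1] = '\0'. */
size_t copy_terminated(char *str, size_t cnt, const char *src)
{
    fill_marker(str, BUF_LEN);
    strncpy(str, src, cnt - 1);
    str[cnt - 1] = '\0';
    return strlen(str);
}

/* The length the post's strncat() call computes: cnt-1-strlen(str) wraps to a
   huge size_t once strlen(str) > cnt-1, so strncat may append far too much. */
size_t strncat_len_as_posted(size_t cnt, size_t len)
{
    return cnt - 1 - len;
}

/* Remaining space without the wrap: zero once the buffer is already full. */
size_t strncat_len_safe(size_t cnt, size_t len)
{
    return len < cnt - 1 ? cnt - 1 - len : 0;
}

int main(void)
{
    char str[BUF_LEN];
    const char *src = "a string longer than nine bytes"; /* constructed input */
    printf("as posted:  strlen=%zu, cnt-1=%d\n", copy_as_posted(str, CNT, src), CNT - 1);
    printf("terminated: strlen=%zu, cnt-1=%d\n", copy_terminated(str, CNT, src), CNT - 1);
    printf("strncat length for the post's 58/54: %zu\n", strncat_len_as_posted(55, 58));
    return 0;
}
```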


