strncpy() bug?
From: William R. Pearson
Subject: strncpy() bug?
Date: Tue, 19 Jun 2001 19:30:06 -0400 (EDT)
I was surprised to find that on Linux (RH6.2, RH7.1) and Mac OSX systems,
the code:
strncpy(str,sql_row[1],cnt-1);
if (strlen(str) > cnt-1) {
fprintf(stderr,"*** How can this happen? %d/%d\n",
strlen(str),cnt-1);
}
frequently gives the result:
*** How can this happen? 58/54
(I do not believe I have ever seen an "overrun" greater than 4.)
Having discovered the problem, I find that it happens very reproducibly
in the program I am working on, on many different platforms using various
versions of gcc/glibc.
I find this very disturbing (and it certainly plays havoc with a subsequent
statement of the form:
strncat(str,more_chars,cnt-1-strlen(str));
when (strlen(str) > cnt-1)), but I wonder if some might not consider
it a bug because "safe strncpy()" needs:
strncpy(str,sql_row[1],cnt-1);
str[cnt-1]='\0';
Am I confused, or is the glibc strncpy() broken?
I see this with "gcc -g", "gcc -O", and "gcc -D__NO_STRING_INLINES".
Bill Pearson
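The behaviour reported above is strncpy() working as specified: when strlen(src) is greater than or equal to n, strncpy(dst, src, n) copies exactly n bytes and writes no terminating NUL, so a following strlen(dst) keeps reading past the copied bytes into whatever happens to follow in memory. The program below is an added example, not code from the post or from glibc. It reproduces the condition with a constructed 55-byte destination (the post's 58/54 corresponds to cnt == 55) and a constructed 58-character source, checks with memchr() whether a NUL landed inside the buffer instead of calling strlen() on an unterminated buffer (which would be undefined behaviour), and shows the explicit-terminator idiom the post mentions. The buffer size, source strings and function names are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not part of the original post. It reproduces the
   condition described in the post: strncpy(dst, src, n) writes no
   terminator when strlen(src) >= n, so a later strlen(dst) runs past
   the copied bytes. All buffers and strings below are constructed. */

#define CNT 55  /* stand-in for the post's cnt: a 55-byte destination */

/* Copy the way the post does: strncpy with cnt-1 and no explicit
   terminator. Returns 1 if a NUL landed anywhere in dst[0..cnt-1],
   0 if the buffer is left unterminated. */
static int copy_as_posted(char *dst, size_t cnt, const char *src)
{
    memset(dst, 'X', cnt);          /* non-zero fill so a missing NUL is visible */
    strncpy(dst, src, cnt - 1);
    return memchr(dst, '\0', cnt) != NULL;
}

/* The "safe strncpy()" idiom from the post: the same call followed by
   an explicit terminator at dst[cnt-1]. Returns the resulting strlen(dst),
   which can never exceed cnt-1. */
static size_t copy_terminated(char *dst, size_t cnt, const char *src)
{
    memset(dst, 'X', cnt);
    strncpy(dst, src, cnt - 1);
    dst[cnt - 1] = '\0';
    return strlen(dst);
}

int main(void)
{
    /* Constructed source longer than cnt-1 (58 chars), like a wide sql_row[1]. */
    static const char long_src[] =
        "0123456789" "0123456789" "0123456789"
        "0123456789" "0123456789" "01234567";
    /* Constructed source that fits: strncpy pads the rest with NULs. */
    static const char short_src[] = "short value";
    char buf[CNT];

    printf("src %zu chars, cnt-1 = %d\n", strlen(long_src), CNT - 1);
    printf("as posted, long src:  NUL inside buffer? %s\n",
           copy_as_posted(buf, CNT, long_src)
               ? "yes" : "NO - strlen(str) would read past the buffer");
    printf("as posted, short src: NUL inside buffer? %s\n",
           copy_as_posted(buf, CNT, short_src) ? "yes" : "no");
    printf("terminated, long src:  strlen = %zu (capped at cnt-1)\n",
           copy_terminated(buf, CNT, long_src));
    printf("terminated, short src: strlen = %zu\n",
           copy_terminated(buf, CNT, short_src));
    return 0;
}
```

With the long source, copy_as_posted() reports no NUL in the buffer, which is exactly the state in which the post's strlen(str) returns a value larger than cnt-1 and the later strncat(str, more_chars, cnt-1-strlen(str)) is handed an underflowed size_t length. copy_terminated() caps the result at cnt-1 for the same input, at the cost of silently truncating the copy; a caller that needs to detect truncation can compare strlen(src) against cnt-1 before copying.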