Re: Enabling compiler warning flags

From: Russ Allbery
Subject: Re: Enabling compiler warning flags
Date: Mon, 17 Dec 2012 22:16:42 -0800
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux)

Jeffrey Walton <address@hidden> writes:

> FORTIFY_SOURCE=2 (FORTIFY_SOURCE=1 on Android 4.1+), where available.
> I know Drepper objects to the safer string/memory functions, but his
> way (the way of 1970's strcpy and strcat) simply does not work. I
> don't disagree that the safer functions are not completely safe, but I
> refuse to throw the baby out with the bath water.

Having tried both styles, what works even better than replacing strcpy and
strcat with strlcpy and strlcat, or the new *_s functions, is to replace
them with asprintf.  You have to do a little bit of work to be guaranteed
to have asprintf (or a lot of work if you want to support platforms with a
broken snprintf as well), but gnulib will do it for you, and that coding
style is so much nicer than trying to deal with static buffers and
worrying about truncation, particularly if you design the software with
that in mind from the start.  Yes, it's probably slower, but I'll trade
speed for clarity and safety nearly all of the time.

(Or you could also dodge the memory management problems by using a C
framework that supports garbage collection, like APR, but that's farther
afield of this list.)

Russ Allbery (address@hidden)             <>
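An added illustration of the two styles the message contrasts (example code, not from Russ's message, gnulib or APR): the fixed-buffer join, where every strcpy/strcat call needs a length check first and the caller must decide what to do on truncation, beside the asprintf join, where the result is sized by the library and the only failure mode is allocation failure. It assumes glibc's asprintf via _GNU_SOURCE; on other platforms gnulib's replacement module would provide the same function.

```c
#define _GNU_SOURCE          /* asprintf() is a GNU/BSD extension, not ISO C */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fixed-buffer style ("the way of 1970's strcpy and strcat"), done carefully:
 * the caller sizes the buffer and must check lengths before every copy.
 * Returns 1 on success, 0 if the result would not fit (truncation refused). */
int join_path_fixed(char *out, size_t outlen, const char *dir, const char *file)
{
    if (strlen(dir) + 1 + strlen(file) + 1 > outlen)
        return 0;            /* would overflow: refuse rather than truncate */
    strcpy(out, dir);
    strcat(out, "/");
    strcat(out, file);
    return 1;
}

/* asprintf style: the library allocates exactly the space needed.
 * Returns a heap string the caller must free(), or NULL on allocation failure. */
char *join_path_dynamic(const char *dir, const char *file)
{
    char *out = NULL;
    /* asprintf returns -1 on failure and the contents of `out` are then
     * unspecified, so the return value must be checked before using it. */
    if (asprintf(&out, "%s/%s", dir, file) < 0)
        return NULL;
    return out;
}

/* Same join, constructed sample input, deliberately small fixed buffer:
 * returns 1 when the fixed version refuses and the dynamic version succeeds. */
int demo_truncation(void)
{
    char small[16];
    const char *dir = "/var/lib/example";   /* constructed sample path */
    const char *file = "state.db";
    int fixed_ok = join_path_fixed(small, sizeof small, dir, file);  /* 0 */
    char *dyn = join_path_dynamic(dir, file);
    int dyn_ok = dyn != NULL && strcmp(dyn, "/var/lib/example/state.db") == 0;
    free(dyn);
    return !fixed_ok && dyn_ok;
}

int main(void)
{
    printf("fixed buffer refused, asprintf succeeded: %d\n", demo_truncation());
    return 0;
}
```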