as I have mentioned elsewhere I have worked fiercely on reducing memory calls and memory copies in curl code over the last few years, and I have come to realize that strncpy is often a marker for questionable code decisions, so I have worked on removing those questionable code paths.
As I have reduced the amount already before, the remaining few uses were not hard to just fix with better conditions and improved logic
yeah I have a fondness for K&R C but looking back many of its standard lib functions were a Bad Idea that at best only made sense for some brief "Garden of Eden" period in the world's software ecosystem
before any user could be a determined (and well-resourced) adversary or a mind bogglingly careless idiot. haha
while I understand that C was always ever meant as a relatively light abstraction, I still don't understand why native string handling was never incorporated. Dealing with strings is relevant in _so_ many use cases, that not having a sane and safe abstraction for it is just asking for trouble.
I think that's one of the first things Borland improved on in their derivates of Pascal.
zephred
in reply to daniel:// stenberg:// • • •daniel:// stenberg://
in reply to zephred • • •Oliver Schönrock
in reply to daniel:// stenberg:// • • •Nice
replaced by strlcpy?
daniel:// stenberg://
in reply to daniel:// stenberg:// • • •as I have mentioned elsewhere I have worked fiercely on reducing memory calls and memory copies in curl code over the last few years, and I have come to realize that strncpy is often a marker for questionable code decisions, so I have worked on removing those questionable code paths.
As I have reduced the amount already before, the remaining few uses were not hard to just fix with better conditions and improved logic
daniel:// stenberg://
in reply to daniel:// stenberg:// • • •synlogic
in reply to daniel:// stenberg:// • • •yeah I have a fondness for K&R C but looking back many of its standard lib functions were a Bad Idea that at best only made sense for some brief "Garden of Eden" period in the world's software ecosystem
before any user could be a determined (and well-resourced) adversary or a mind bogglingly careless idiot. haha
Andreas Schneider
in reply to daniel:// stenberg:// • • •while I understand that C was always ever meant as a relatively light abstraction, I still don't understand why native string handling was never incorporated. Dealing with strings is relevant in _so_ many use cases, that not having a sane and safe abstraction for it is just asking for trouble.
I think that's one of the first things Borland improved on in their derivates of Pascal.