Mercurial > gnulib
changeset 38880:cd045b9d4140
doc: warn about misuse of strncpy and wcsncpy.
* doc/posix-functions/strcpy.texi: Describe requirements on prior
memory allocation.
* doc/posix-functions/wcscpy.texi: Likewise.
* doc/posix-functions/strncpy.texi: Describe what this function is not
useful for.
* doc/posix-functions/wcsncpy.texi: Likewise.
author | Bruno Haible <bruno@clisp.org> |
---|---|
date | Tue, 03 Oct 2017 22:01:42 +0200 |
parents | ccf11c06b039 |
children | 69ed5260b12b |
files | ChangeLog doc/posix-functions/strcpy.texi doc/posix-functions/strncpy.texi doc/posix-functions/wcscpy.texi doc/posix-functions/wcsncpy.texi |
diffstat | 5 files changed, 37 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Mon Oct 02 09:13:21 2017 -0700 +++ b/ChangeLog Tue Oct 03 22:01:42 2017 +0200 @@ -1,3 +1,13 @@ +2017-10-03 Bruno Haible <bruno@clisp.org> + + doc: warn about misuse of strncpy and wcsncpy. + * doc/posix-functions/strcpy.texi: Describe requirements on prior + memory allocation. + * doc/posix-functions/wcscpy.texi: Likewise. + * doc/posix-functions/strncpy.texi: Describe what this function is not + useful for. + * doc/posix-functions/wcsncpy.texi: Likewise. + 2017-10-02 Paul Eggert <eggert@cs.ucla.edu> fsuage: fix typo in previous change
--- a/doc/posix-functions/strcpy.texi Mon Oct 02 09:13:21 2017 -0700 +++ b/doc/posix-functions/strcpy.texi Tue Oct 03 22:01:42 2017 +0200 @@ -17,3 +17,6 @@ Portability problems not fixed by Gnulib: @itemize @end itemize + +Note: @code{strcpy (dst, src)} is only safe to use when you can guarantee that +there are at least @code{strlen (src) + 1} bytes allocated at @code{dst}.
--- a/doc/posix-functions/strncpy.texi Mon Oct 02 09:13:21 2017 -0700 +++ b/doc/posix-functions/strncpy.texi Tue Oct 03 22:01:42 2017 +0200 @@ -17,3 +17,12 @@ Portability problems not fixed by Gnulib: @itemize @end itemize + +Note: This function was designed for the use-case of filling a fixed-size +record with a string, before writing it to a file. This function is +@strong{not} appropriate for copying a string into a bounded memory area, +because you have no guarantee that the result will be NUL-terminated. +Even if you add the NUL byte at the end yourself, this function is +inefficient (as it spends time clearing unused memory) and will allow +silent truncation to occur, which is not a good behavior for GNU programs. +For more details, see @see{https://meyering.net/crusade-to-eliminate-strncpy/}.
--- a/doc/posix-functions/wcscpy.texi Mon Oct 02 09:13:21 2017 -0700 +++ b/doc/posix-functions/wcscpy.texi Tue Oct 03 22:01:42 2017 +0200 @@ -19,3 +19,7 @@ On AIX and Windows platforms, @code{wchar_t} is a 16-bit type and therefore cannot accommodate all Unicode characters. @end itemize + +Note: @code{wcscpy (dst, src)} is only safe to use when you can guarantee that +there are at least @code{wcslen (src) + 1} wide characters allocated at +@code{dst}.
--- a/doc/posix-functions/wcsncpy.texi Mon Oct 02 09:13:21 2017 -0700 +++ b/doc/posix-functions/wcsncpy.texi Tue Oct 03 22:01:42 2017 +0200 @@ -16,6 +16,15 @@ Portability problems not fixed by Gnulib: @itemize @item -On AIX and Windows platforms, @code{wchar_t} is a 16-bit type and therefore cannot -accommodate all Unicode characters. +On AIX and Windows platforms, @code{wchar_t} is a 16-bit type and therefore +cannot accommodate all Unicode characters. @end itemize + +Note: This function has no real use: It cannot be used for filling a fixed-size +record with a wide string, before writing it to a file, because the wide string +encoding is platform dependent and, on some platforms, also locale dependent. +And this function is @strong{not} appropriate for copying a wide string into a +bounded memory area, because you have no guarantee that the result will be +null-terminated. Even if you add the null character at the end yourself, this +function is inefficient (as it spends time clearing unused memory) and will +allow silent truncation to occur, which is not a good behavior for GNU programs.