strcpy -> strlcpy?

Anil Madhavapeddy anil at recoil.org
Tue Jan 4 16:04:48 PST 2005


On Tue, Jan 04, 2005 at 03:15:59PM -0800, Matthew Dillon wrote:
> Well... I think that might be overkill.  I can see where it would help
> people doing large code updates but in all the code I've ever looked at
> in FreeBSD and DragonFly I found that sort of sizeof(pointer) conversion
> error only once or twice, a few years ago in the FreeBSD tree.  That just
> isn't enough to justify maintaining a compiler hack for it.

It was primarily done in OpenBSD to avoid introducing new bugs.  If I
remember right, when we did the complete tree sweep, it caught around 10
bugs or so in the conversions.  More in ports after doing a bulk build.
I wouldn't bother with it if you aren't planning to do a similar mass
conversion to strlcpy-style functions.

Note that the patch does other things as well; it detects incorrect use of
static buffers if the buffer size specified is larger than the actual
buffer.  This has found around 60-70 bugs, mainly in the ports tree (a lot
of them are sscanf string size specifiers which are off-by-one).

Doing more complicated analyses is a pain in gcc though; I started hacking
on some stuff using CIL by George Necula at Berkeley, which makes static
analysis of real-world C much, much easier.

-- 
Anil Madhavapeddy                                 http://anil.recoil.org
University of Cambridge                          http://www.cl.cam.ac.uk





More information about the Kernel mailing list