Secure Programming
Re: Are bad developer libraries the problem with M$ software?
> > #define safe_strcat(dst,src) strncat(dst,src,sizeof(dst))
>
> This is NOT safe or even close to correct. There are two big problems
> here:
>
> 1) sizeof(dst) is very often going to be sizeof(char *) which is 2, no matter
> how much space is malloc'd.

Several of you pointed this out. You are correct that it returns the
size of the pointer itself, not the alloced space. I use definitions
like this every time I work with strings, which in my case are always
arrays, not pointers. So while it fits my programming style, it may not
fit others. I apologize for giving the wrong impression with the above
thought.

Perhaps we could use another 'sizeof' companion that could return the
size of an allocated piece of memory. For example:

    /* alloclen() is the proposed companion, not an existing function */
    pointer=malloc(1024);
    printf("Size of pointer: %zu, size of segment: %zu", sizeof(pointer), alloclen(pointer));

> 2) Even if sizeof(dst) did give the right answer in all cases, your macro
> would still be susceptible to buffer overflows. Basically, the third
> argument to strcat doesn't do what you seem to think it does. You'd
> need to make that: strncat(dst, src, sizeof(dst)-strlen(dst)-1),

*blush*.... I guess I should have used safe_strncat instead... :)

Frank
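
The two problems raised in this message, as an added example that is not part of the original post: sizeof applied through a pointer, and strncat's third argument being the number of characters to append rather than the size of the destination. The names bounded_strcat and sizeof_via_pointer are hypothetical, and the destination capacity is assumed to be passed in by the caller.

```c
#include <stdio.h>
#include <string.h>

/* sizeof on a pointer yields the pointer's own size, never the buffer's. */
size_t sizeof_via_pointer(char *p) { return sizeof(p); }

/* Hypothetical helper (not from the thread). dstsize is the full capacity
 * of dst in bytes, passed explicitly by the caller.
 * Returns 0 on success, -1 on bad arguments, an unterminated dst, or
 * truncation of src. dst stays NUL-terminated in every case where it was
 * terminated on entry. */
int bounded_strcat(char *dst, size_t dstsize, const char *src)
{
    const char *end;
    size_t used, room;

    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    end = memchr(dst, '\0', dstsize);   /* never scan past the buffer */
    if (end == NULL)
        return -1;
    used = (size_t)(end - dst);
    room = dstsize - used - 1;          /* space left, minus the NUL */
    strncat(dst, src, room);            /* 3rd arg: max chars to append */
    return strlen(src) > room ? -1 : 0;
}

int main(void)
{
    char buf[8] = "abc";                /* constructed sample input */
    int rc;

    printf("sizeof(buf)=%zu, through a pointer=%zu\n",
           sizeof(buf), sizeof_via_pointer(buf));
    rc = bounded_strcat(buf, sizeof(buf), "de");
    printf("rc=%d buf=\"%s\"\n", rc, buf);
    rc = bounded_strcat(buf, sizeof(buf), "fghij");
    printf("rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```

Reporting truncation through the return value lets the caller treat a shortened string as an error instead of silently using it.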