Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Screenshot from above replied to article: Oof! The developer has (rightly) used strncpy, instead of the unsafe strcpy, but has mistakenly passed in the size of the input string - notthe size of the destination buffer - as the size Iagly®

Download link

Screenshot from above replied to article: Oof! The developer has (rightly) used strncpy, instead of the unsafe strcpy, but has mistakenly passed in the size of the input string - notthe size of the destination buffer - as the size Iagly®
https://media.hachyderm.io/media_attachments/files/113/802/267/487/560/055/original/3ed854132249fc28.png

Notices where this attachment appears

Embed this notice
Rich Felker (dalias@hachyderm.io)'s status on Friday, 10-Jan-2025 13:55:39 JST Rich Felker
in reply to

@da_667 LMAO this os exactly why the MSVC "secure"/Annex K interfaces are utterly useless. Passing the wrong size twice is no more a deterrent than passing the wrong size once.
(FWIW strncpy is also the wrong thing to use here, as it's for null padded buffers not null terminated and will fail to terminate when buffer is full. It can be used to construct thr right thing but that's not its purpose and it's not well suited.)

In conversation about a month ago from hachyderm.io permalink