[Python-Dev] strncpy

Greg Stein gstein@lyra.org
Thu, 13 Jul 2000 01:54:25 -0700


On Thu, Jul 13, 2000 at 01:07:30AM -0500, Paul Prescod wrote:
>...
> > Easy but tedious to
> > fix (e.g., #define the buf length, and use runtime code in 
> > conjunction with strncpy to guarantee buf's bounds are respected). 
> 
> Let me suggest two non-tedious solutions so you can shoot them down:
> 
> 1. 
> 
> sprintf(buf, "Local variable referenced "
> 		"before assignment: %.128s",
> 		namestr);
> 
> Rationale: if you don't know what variable I'm talking about after 128
> characters, you've got bigger problems than I can help with. I see this
> solution elsewhere in the code.
> 
> 2. 
> 
> Add an implementation of snprintf to our code and fix the other hundred
> or so sprintf occurrences to use it. Most of them are safe but it
> couldn't hurt to pass cleanly through those heuristic security checkers.
> 
> Here's one:
> 
> http://www.ijs.si/software/snprintf/
> 
> And there is one in Apache.


Actually, I looked into this a few months ago. There isn't a need to bulk up
Python with a complete snprintf() solution. We really only use a couple
format codes for generating error strings. Please see my note at:

    http://www.python.org/pipermail/python-dev/2000-April/010051.html


Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/
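
The two suggestions quoted above, side by side, as an added example that is not part of the original message or of Python's source. The macro and function names are assumptions, and the second function uses the C99 library snprintf() rather than the portable implementation linked in the thread.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; only the message text and the 128 come from the thread. */
#define MSG_PREFIX     "Local variable referenced before assignment: "
#define NAME_SHOWN_MAX 128
/* sizeof(MSG_PREFIX) already counts the terminating NUL. */
#define MSG_BUF_SIZE   (sizeof(MSG_PREFIX) + NAME_SHOWN_MAX)

/* Suggestion 1: the precision caps how many bytes of name are copied, so the
 * worst-case output is known at compile time. buf must hold MSG_BUF_SIZE
 * bytes. Returns the number of characters written, excluding the NUL. */
size_t format_with_precision(char *buf, const char *name)
{
    int n = sprintf(buf, MSG_PREFIX "%.*s", NAME_SHOWN_MAX, name);
    return n < 0 ? 0 : (size_t)n;
}

/* Suggestion 2: snprintf is bounded by the destination size instead.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
int format_checked(char *buf, size_t size, const char *name)
{
    int n = snprintf(buf, size, MSG_PREFIX "%s", name);
    if (n < 0)
        return -1;
    return (size_t)n >= size ? 1 : 0;
}

int main(void)
{
    char name[301];               /* constructed over-long identifier */
    char buf[MSG_BUF_SIZE];

    memset(name, 'A', sizeof(name) - 1);
    name[sizeof(name) - 1] = '\0';

    size_t written = format_with_precision(buf, name);
    printf("precision: wrote %zu of %zu bytes\n", written + 1, sizeof(buf));

    int truncated = format_checked(buf, sizeof(buf), name);
    printf("snprintf: truncated=%d, length=%zu\n", truncated, strlen(buf));
    return 0;
}
```

The precision form is only safe while the buffer size is derived from the same constants as the format string; the snprintf form stays bounded even if the prefix later changes, and reports truncation to the caller.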