| ▲ | kccqzy 19 hours ago |
| You don’t do that by accident. Fixed-width strings are thoroughly outdated and unusual. Your mental model of them is very different from regular C strings. |
|
| ▲ | arka2147483647 17 hours ago | parent | next [-] |
| Sadly, all the bug trackers are full of bugs relating to char*. So you very much do those by accident. And in C, fixed width strings are not in any way rare or unusual. Go to any c codebase you will find stuff like: char buf[12];
sprintf(buf, "%s%s", this, that); // or
strcat(buf, ...) // or
strncpy(buf, ...) // and so on..
|
| |
| ▲ | snickerbockers 15 hours ago | parent | next [-] | | Thats only really a problem if this and that are coming from an external source and have not been truncated. I really don't see this as any more significant of a problem than all the many high level scripting languages where you can potentially inject code into a variable and interpret it. There are certainly ways in which the c library could've been better (eg making strncpy handle the case where the source string is longer than n) but ultimately it will always need to operate under the assumption that the people using it are both competent and acting in good faith. | |
| ▲ | kccqzy 14 hours ago | parent | prev [-] | | When you write such code your mental model is C strings, not fixed-width strings, the intended use case for strncpy. |
|
|
| ▲ | ninkendo 17 hours ago | parent | prev [-] |
| The mental model doesn’t matter, it’s the compiler’s model that is going to bite you. If the compiler doesn’t reject it, it will happen eventually. |
