Re: C++ Compiler with a -Wwarn-use-of-strcpy or similar option??

psheer@icon.co.za (Paul Sheer)
14 Sep 2004 16:38:12 -0400

          From comp.compilers

Related articles
C++ Compiler with a -Wwarn-use-of-strcpy or similar option?? psheer@WITHOUTicon.co.za (Paul Sheer) (2004-09-07)
Re: C++ Compiler with a -Wwarn-use-of-strcpy or similar option?? christian.bau@cbau.freeserve.co.uk (Christian Bau) (2004-09-08)
Re: C++ Compiler with a -Wwarn-use-of-strcpy or similar option?? kenrose@tfb.com (Ken Rose) (2004-09-13)
Re: C++ Compiler with a -Wwarn-use-of-strcpy or similar option?? strohm@airmail.net (John R. Strohm) (2004-09-13)
Re: C++ Compiler with a -Wwarn-use-of-strcpy or similar option?? psheer@icon.co.za (2004-09-14)
| List of all articles for this month |

From: psheer@icon.co.za (Paul Sheer)
Newsgroups: comp.compilers,comp.lang.c++
Date: 14 Sep 2004 16:38:12 -0400
Organization: http://groups.google.com
References: 04-09-038 04-09-064
Keywords: C++, practice
Posted-Date: 14 Sep 2004 16:38:12 EDT

> 1. Replacing strcpy with strncpy is a very bad idea. Where strcpy
> overwrites memory, strncpy will create char arrays that are not C
> strings.


Well, strncpy with a terminating assignment afterward. or of course
strlcpy


> 2. If you perform these changes automatically using some tool then
> security will go _down_.


Only if the tool is not intelligent enough to only do replacements in
cases where the array size is fixed.


> My recommendation: Take the whole source code. Give it to two
> separate programmers. Let them discuss very carefully between them
> how to make


This Is Exactly What I Don'T Want


Either the tool must be intelligent to make the changes without
errors, or there is no point.


See this thread on comp.lang.c++ .....


-paul


Post a followup to this message

Return to the comp.compilers page.
Search the comp.compilers archives again.