On Wed, 5 Oct 2011, Nigel Metheringham wrote:
> On 5 Oct 2011, at 06:00, Phil Pennock wrote:
>
> >> OpenBSD also suggests:
> >>
> >> strcpy() is almost always misused, please use strlcpy()
> >> sprintf() is often misused, please use snprintf()
> >> strcat() is almost always misused, please use strlcat()
> >>
> >> in a few places. Details on request.
> >
> > Is often mis-used, but is not in Exim. They've been very carefully
> > checked, on multiple occasions. strlcpy/strlcat are excellent functions
> > which I use myself in new code, where I'm prepared to state "the porter
> > has to provide a libc with them, or add the functions". In this case,
> > Exim is handling the strings just fine.
>
> Is there a magic comment form that we can put around those areas of code
> to let the compiler/checker know we did mean this and its OK (ie turning
> off lint)?
>
> If so is it worth us quieting this particular build noisiness?
If not, I'd say it worth note the non-issue on a developer webpage/wiki,
so the next time someone asks (or someone casually reviewing the code
starts raving about not using strlcpy etc) they can be directed to it.
There is a current brief related comment in the Exim spec, but you
probably wouldn't come across it unless you were looking hard.
Jethro.
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK
The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.