On Tue, Nov 12, 2019 at 3:54 PM Dave Horsfall wrote: > On Tue, 12 Nov 2019, Bakul Shah wrote: > > > Unfortunately strcpy & other buffer overflow friendly functions are > > still present in the C standard (I am looking at n2434.pdf, draft of > > Sept 25, 2019). Is C really not fixable? > > No; POSIX requires all sorts of broken functions be present, otherwise it > is not compliant; heck, last I looked it even requires gets(). And let's > not even mention pointers... We are our own worst enemy.[*] > POSIX can't even recognize that leap seconds exist :( > All is not lost, though; use strncpy() instead of strcpy() etc. These > days my first choice is Perl, despite it being bloated (I only use C if > it's trivial or I need the speed). I must look at Ruby, though... > strncpy has two issues. First, it doesn't guarantee NUL termination. Second, it always writes N bytes. It's for a fixed width data field, not a variable length string whose buffer size is known. strlcpy is much better, but still has some issues... Warner