On 12/23/22 13:26, Alejandro Colomar wrote:
> Well, I do believe snprintf is also misdesigned, for the same reasons that the
> strlcpy(3) manual page states that you should use strlcpy(3) for catenating

typo fix: s/should/shouldn't/

> strings, but rather strlcat(3):
>
>        To detect truncation, perhaps while building a pathname, something like
>        the following might be used:
>
>              char *dir, *file, pname[MAXPATHLEN];
>
>              ...
>
>              if (strlcpy(pname, dir, sizeof(pname)) >= sizeof(pname))
>                      goto toolong;
>              if (strlcat(pname, file, sizeof(pname)) >= sizeof(pname))
>                      goto toolong;
>
>        Since it is known how many  characters  were  copied  the  first  time,
>        things can be sped up a bit by using a copy instead of an append:
>
>              char *dir, *file, pname[MAXPATHLEN];
>              size_t n;
>
>              ...
>
>              n = strlcpy(pname, dir, sizeof(pname));
>              if (n >= sizeof(pname))
>                      goto toolong;
>              if (strlcpy(pname + n, file, sizeof(pname) - n) >= sizeof(pname) - n)
>                      goto toolong;
>
>        However,  one  may question the validity of such optimizations, as they
>        defeat the whole purpose of strlcpy() and strlcat().  As  a  matter  of
>        fact, the first version of this manual page got it wrong.
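The two truncation checks from the quoted manual page, wrapped as functions so their behaviour at the buffer boundary can be compared. This is an added example, not code from the message or from the manual page; `ex_strlcpy`, `ex_strlcat`, `join_cat` and `join_cpy` are assumed names, and the first two are local stand-ins with strlcpy(3)/strlcat(3) semantics so the code builds on a libc that lacks them.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in for strlcpy(3): copies at most size-1 bytes, always terminates
 * when size > 0, and returns strlen(src), the length it tried to create. */
static size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size != 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Stand-in for strlcat(3): returns the total length it tried to create. */
static size_t ex_strlcat(char *dst, const char *src, size_t size)
{
    const char *end = memchr(dst, '\0', size);
    size_t dlen = end ? (size_t)(end - dst) : size;
    if (dlen == size)                /* dst not terminated within size */
        return size + strlen(src);
    return dlen + ex_strlcpy(dst + dlen, src, size - dlen);
}

/* First form: copy, then append. 0 on success, -1 if anything was cut. */
int join_cat(char *pname, size_t size, const char *dir, const char *file)
{
    if (ex_strlcpy(pname, dir, size) >= size)
        return -1;
    if (ex_strlcat(pname, file, size) >= size)
        return -1;
    return 0;
}

/* Second form: copy at offset n. The destination size and the comparison
 * bound must both be size - n, or the check stops matching the first form. */
int join_cpy(char *pname, size_t size, const char *dir, const char *file)
{
    size_t n = ex_strlcpy(pname, dir, size);
    if (n >= size)
        return -1;
    if (ex_strlcpy(pname + n, file, size - n) >= size - n)
        return -1;
    return 0;
}
```
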