Hi Helge, glibc developers,

On 12/4/22 10:07, Helge Kreutzmann wrote:
> Without further ado, the following was found:
> 
> Issue:    Is the "L" in the bracket (for the NULL character) correct?
> 
> "The B<wcsncpy>()  function is the wide-character equivalent of the"
> "B<strncpy>(3)  function.  It copies at most I<n> wide characters from the"
> "wide-character string pointed to by I<src>, including the terminating null"
> "wide character (L\\(aq\\e0\\(aq), to the array pointed to by I<dest>."
> "Exactly I<n> wide characters are written at I<dest>.  If the length"
> "I<wcslen(src)> is smaller than I<n>, the remaining wide characters in the"
> "array pointed to by I<dest> are filled with null wide characters.  If the"
> "length I<wcslen(src)> is greater than or equal to I<n>, the string pointed"
> "to by I<dest> will not be terminated by a null wide character."

As an unrelated note.  I've had this running in my mind for some time... your 
various bug reports for strncpy(3) and similar wide character functions have 
triggered those thougts.

I'm going to mark strncpy(3) and similar functions as deprecated, even if no 
libc or standard has done so.  There's wide agreement (at least in some 
communities) that strncpy(3) _is evil_.  There's simply no use for it.

I propose that glibc also marks it as deprecated.

I've worked for a few months on improving string handling in various projects: 
shadow-utils <https://github.com/shadow-maint/shadow/pull/569>, and in nginx 
Unit.  I've come to the following guidelines for using strings:

-  strlcpy(3):  Copy from string to string, detecting truncation
-  strscpy(9):  Copy from untrusted string to string, detecting broken ones
-  ustr2str():  Copy from unterminated string to string
    -  Definition: 
<https://github.com/shadow-maint/shadow/pull/569/files#diff-a2b8f8568ad025c2aeb4c64d3510f42d874e9ef0a64a89c2dd750aa93aabcd97>

-  stpecpy():  Copy from string to string, with easy & safe concatenation, and 
reporting truncation at the end of the chain call.
    -  Definition: <https://software.codidact.com/posts/285946/287522#answer-287522>

-  ustr2stpe():  Combination of ustr2str() and stpecpy().
    -  Definition:  Not yet public


And also, memcpy(), mempcpy(), or memccpy() can be used for copying unterminated 
strings.

But I don't see any scenario where strncpy() is the right function to call.  And 
the name is certainly not telling that either.


Cheers,

Alex


-- 
<http://www.alejandro-colomar.es/>