Mailing List archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux-dvb] Re: Dangerous mix between C++ strings and C char arrays
Marcus Metzler writes:
> Note : I strongly recommand you to use strncpy() instead of strcpy(),
> I would replace the last line with
>
> strncpy(path, str.str().data(), 256);
Ok, I'll have a look at that, it's probably more secure.
It _is_ more secure, and without a doubt: when the user gives your
program a pathname longer than 256 chars and you do a strcpy(), you
have a buffer overflow.
--
Nicolas Baradakis
--
Info:
To unsubscribe send a mail to listar@linuxtv.org with "unsubscribe linux-dvb" as subject.
Home |
Main Index |
Thread Index