strlcat/strlcpy vs overlapping arguments

To: <misc@...>
Date: Tuesday, May 27, 2008 - 6:53 am

In message <http://marc.info/?l=openbsd-tech&m=121183803128128&w=1>,
"Ted Unangst" <ted.unangst () gmail ! com> pointed out that
# strlcpy is wrong with overlapping arguments.

Should this be mentioned in the strlcpy/strlcat man page?
(It isn't as of 4.3-release.) Here's a suggested patch:

Index: strlcpy.3
===================================================================
RCS file: /cvs/src/lib/libc/string/strlcpy.3,v
retrieving revision 1.19
diff -u -r1.19 strlcpy.3
--- strlcpy.3 31 May 2007 19:19:32 -0000 1.19
+++ strlcpy.3 27 May 2008 10:51:45 -0000
@@ -88,6 +88,17 @@
It will append at most
.Fa size
- strlen(dst) - 1 bytes, NUL-terminating the result.
+.Pp
+.Fa src
+and
+.Fa dst
+must not overlap, i.e., no character copied by
+.Fn strlcpy
+or
+.Fn strlcat
+may be within the initial
+.Fa dst
+string.
.Sh RETURN VALUES
The
.Fn strlcpy
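Review bot: the restriction is worded as "within the initial dst string", which is narrower than what the functions write. The context line just above says strlcat appends up to size - strlen(dst) - 1 bytes after that string, so a src located in the dst buffer past the initial NUL gets overwritten while it is being read, yet this sentence does not forbid it. Suggest stating it on the buffers instead, for example that the behaviour is undefined if the src string and the size bytes at dst overlap, which also tells the reader what happens on violation rather than only "must not".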

ciao,

--
-- Jonathan Thornburg (remove -animal to reply) <J.Thornburg@soton.ac-zebra.uk>
School of Mathematics, U of Southampton, England
"Washing one's hands of the conflict between the powerful and the
powerless means to side with the powerful, not to be neutral."
-- quote by Freire / poster by Oxfam
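The overlap case raised in the message above, as an added example that is not part of the original post or of OpenBSD's libc: it shows the corrupted copy and wrong return value when `dst` lies inside the `src` string, and a wrapper that rejects such calls. `ref_strlcpy` is a byte-by-byte re-implementation written here so the code builds on libcs without strlcpy; `ranges_overlap`, `strlcpy_checked` and `overlap_demo` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Byte-by-byte copy with strlcpy semantics (written for this example):
 * copies at most size-1 bytes, NUL-terminates if size > 0,
 * returns strlen(src). */
static size_t ref_strlcpy(char *dst, const char *src, size_t size)
{
    size_t i = 0;
    if (size > 0) {
        for (; i + 1 < size && src[i] != '\0'; i++)
            dst[i] = src[i];
        dst[i] = '\0';
    }
    while (src[i] != '\0')
        i++;
    return i;
}

/* 1 if the non-empty ranges [a, a+alen) and [b, b+blen) share a byte. */
static int ranges_overlap(const void *a, size_t alen, const void *b, size_t blen)
{
    uintptr_t pa = (uintptr_t)a, pb = (uintptr_t)b;
    return alen && blen && pa < pb + blen && pb < pa + alen;
}

/* Hypothetical wrapper: refuse the call (return SIZE_MAX, dst untouched)
 * when the src string, including its NUL, shares bytes with the
 * size-byte dst buffer. */
static size_t strlcpy_checked(char *dst, const char *src, size_t size)
{
    if (ranges_overlap(dst, size, src, strlen(src) + 1))
        return SIZE_MAX;
    return ref_strlcpy(dst, src, size);
}

/* Constructed case: src is the start of buf, dst is two bytes into it.
 * The copy overwrites src's NUL before reading it, so the loop keeps
 * re-reading bytes it has just written. Returns the reported strlen(src). */
static size_t overlap_demo(char out[16])
{
    char buf[16] = "abcdef";
    size_t r = ref_strlcpy(buf + 2, buf, 8);
    memcpy(out, buf, 16);
    return r;
}
```

A caller that compares the return value against `size` to detect truncation is misled as well, since the length reported for the six-byte source is no longer 6.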

To: Jonathan Thornburg <J.Thornburg@...>
Cc: <misc@...>
Date: Tuesday, May 27, 2008 - 12:41 pm

Maybe. I think it logically follows that the same rules would apply
as they do for strcpy and strcat, without mentioning them all.

To: Ted Unangst <ted.unangst@...>
Cc: <misc@...>, Jonathan Thornburg <J.Thornburg@...>
Date: Tuesday, May 27, 2008 - 12:52 pm

I agree with Ted. I think it is obvious, and does not need to be
stated. The manual pages describe the algorithm in sufficient detail.

If you can't program, then please -- don't program.

To: <misc@...>
Date: Tuesday, May 27, 2008 - 7:09 pm

Hmmm, not sure if I agree with that, if no one ever tried to do things
that they can't do, the world would be a sorry place.

Craig

To: Craig Findlay <craig@...>
Cc: <misc@...>
Date: Tuesday, May 27, 2008 - 9:07 pm

the man pages are not intended to be a replacement for "learn to
program in c in 24 hours". if you are lacking elementary principles,
the solution is to find a better (different) introduction, not dumb
down the man pages.

To: <misc@...>
Date: Tuesday, May 27, 2008 - 7:55 pm

I think the advice should have been not to program *professionally* until one
knows what he or she is doing. Nobody is born a programmer.

To: 'Craig Findlay' <craig@...>, <misc@...>
Date: Tuesday, May 27, 2008 - 7:43 pm

A monkey MIGHT sit down to a typewriter and write a novel.
However, that is not the way to bet.

Overlapping parameters on a memory to memory copy:
That turf belongs to non-portable code and bare assembly
where it is the programmer's whim that dictates storage order.

Any "high-level" code that depends on that kind of behavior
has gotta be suicidal.

To: Tony Abernethy <tony@...>
Cc: 'Craig Findlay' <craig@...>, <misc@...>
Date: Tuesday, May 27, 2008 - 8:18 pm

With all due respect, it is also (strictly speaking) possible that someone
might be born knowing how to program and therefore never need to
experiment or make mistakes; however, I wouldn't lay my money there,
either.

+-----------------------------------------------------+
Glenn Becker - burningc@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org
+-----------------------------------------------------+

To: 'Glenn Becker' <burningc@...>
Cc: 'Craig Findlay' <craig@...>, <misc@...>
Date: Tuesday, May 27, 2008 - 9:13 pm

Quibble about the THEREFORE.

People who know how to program, born that way or otherwise,
know how to experiment and profit from mistakes.
Seems that it is only the people who do NOT know how to program
that assume that they cannot make mistakes
and do not need to experiment.

To: Craig Findlay <craig@...>
Cc: <misc@...>
Date: Tuesday, May 27, 2008 - 7:16 pm

So you'll go write the next great buffer overflowing program and
punish all the people who use it?

If you can't use strcpy and strlcpy correctly, then you should not
be a programmer.
