char buf[MAX_PATH];
strcpy(buf, dir);
strcat(buf, file);
The latter seems worse, but the real better alternative is to avoid both,
and for that you shouldn't use that infamous buf[SMART_SIZE] in the first
place. And that's the only case where "safe" functions can really help,
when you can do sizeof(buf).
This scenario accounts for the vast majority of cases where I handle
"strings". 8, 64, 255, 1024; these are magic numbers that litter innumerable
RFCs and other standards. In many cases its possible to be given input which
doesn't fit the constraint, and often its OK to reject the input. But, point
being, I size char buffers in structures using these values. Having a
statically sized buffer of 64 or 255 bytes, or even 1024, is usually easier
and faster and, probably, safer than dynamically managing that particular
piece of memory. All things being equal, less code is safer code.
Now, much of the time I already know the size of the input before copying.
But there are often cases where the design has an [intentional] gap, and
you're passed a string without a size, often at the junction where a library
or component exposes itself to code usage which expects a more canonical
string interface--just a pointer. In such instances, strlcpy is priceless.
The utility of strlcpy is tacitly recognized and reflected in the signature
of C99's snprintf.
It's not as "safe" as the proposal authors make you think it is, by using
terms like "safe" and "bounds checking". And that's one of the problems
(the main one I think), that it's deceiving.
I agree. Particularly the notion that "bounds checking" is some sort of
exceptional or uncharacteristic quality of general programming hygiene.
These new interfaces certainly don't do bounds checking for you. They merely
alleviate a small part of the burden in some circumstances.
Yes, some people here do say that it's not hard to write correct code
in standard C, but that's a lie as their real code shows.
Well... lie or not, it's something to aspire to. That sort of defeatist (as
opposed to pragmatic) attitude can't be helpful. Certainly it sounds a bit
presumptive. Knuth and Berstein haven't written many checks. It goes without
saying that nobody's perfect, though.
Or science fiction, if you wish. Safe string handling API is good,
absolutely. But don't you confuse "safe" meaning what vocabulary says, and
"safe" in the title of some paperwork
The same goes for "security", or the myriad other amorphous qualitative
terms. There'll never be a substitute for critical reading and analysis. Yet
discerning writers and readers continue to use the term, because its not
their job to cater to the least common denominator, but rather to
efficiently get their message across to their intended audience.
Notwithstanding hyperbole and rhetoric, when a writer uses the term, it
_signals_ to the reader how he should approach the writing or claim.