Do you know what strlcpy/strlcat does? I know about strn* versions but not the strl* versions... and if we Linux geeks need to slap the glibc folks to get it in that library.

strn* and friends are “safer,” in that they only copy up to a fixed number of characters. This does not include the NULL byte. For example:

const size_t dest_len = 5; char dest[dest_len]; strncpy(dest, "12345", dest_len); printf("%x

", dest[dest_len - 1]);

The character printed will be 0x35, which is the hex value of the character ‘5’. To deal with this, a lot of developers will do:

strncpy(dest, "12345", dest_len); dest[dest_len - 1] = '\0';

or

strncpy(dest, "12345", dest_len - 1);

This isn’t hard, but it is a common strncpy(3) gotcha. strlcpy(3) and strlcat(3), on the other hand, will always NULL terminate.

Some people claim that this is bad behavior, since strings potentially get truncated. That’s straight-up wrong, because strl* returns the size of the string that it tried to create. Detection of truncation becomes, well, trivial at that point. I guess it’s only hard for the people that think don’t check the return value on malloc(3).

glibc has repeatedly refused to implement strl*, and I doubt they’ll ever budge. Their wiki defends this decision with the same bullshit that I explained above.