Re: Is strncpy really less secure than strscpy ?
From: James Dutton
Date: Thu Oct 19 2023 - 13:57:26 EST
On Thu, 19 Oct 2023 at 02:49, Bagas Sanjaya <bagasdotme@xxxxxxxxx> wrote:
>
[snip]
>
> What if printf("a is %.*s\n", a);?
Um, it fails to compile.
>
> >
> >
> > So, why isn't the printk format specifier "%.*s" used more instead of
> > "%s" in the kernel?
>
> Since basically strings are pointers.
Um, I was trying to draw people's attention to the fact that "%.*s" is
much safer than "%s".
"%s" is like strcpy() but for print statements.
"%.*s" is like strncpy() but for print statements.
Why wasn't "%.*s" also included in the string discussions previously?