Comment Re:No - there are plenty of safer alternatives (Score 1) 486
Mod parent up!
So very many programmers tend to forget that strncpy DOES NOT ALWAYS NULL TERMINATE!
The only time it does is when the source data is shorter than the destination buffer. If the source string is longer than the destination buffer however, then the end result is the string is NOT null terminated, thereby leading to Bad Things(tm) happening whenever some other code does a strlen on the result (or worse, uses the return value from strlen(result) to determine how much data needs to be memcpy'ed somewhere).
strncpy is bad.
Use strlcpy (BSD) or MS's strcpy_s instead.
So very many programmers tend to forget that strncpy DOES NOT ALWAYS NULL TERMINATE!
The only time it does is when the source data is shorter than the destination buffer. If the source string is longer than the destination buffer however, then the end result is the string is NOT null terminated, thereby leading to Bad Things(tm) happening whenever some other code does a strlen on the result (or worse, uses the return value from strlen(result) to determine how much data needs to be memcpy'ed somewhere).
strncpy is bad.
Use strlcpy (BSD) or MS's strcpy_s instead.