Well, if the strcpy/strcat/strcat sequence is safe, the corresponding sprintf is also safe (and if it wasn't safe, then the code would need to be fixed anyway). So it's permissible and safe to use: sprintf(lsp->fullname, "%s/%s", p, name); I was under the impression Paul had just said that using snprintf() was OK now as it was part of C99 — though he mistyped C99 as C89 in the last email I saw commenting on the subject. On Mon, Jun 12, 2017 at 3:41 PM, Brian Inglis < Brian.Inglis@systematicsw.ab.ca> wrote:
On 2017-06-12 15:10, Christos Zoulas wrote:
On Jun 12, 11:21am, eggert@cs.ucla.edu (Paul Eggert) wrote: -- Subject: Re: [tz] defensive value for define on Solaris causes load of tim
| return EINVAL; | if (sizeof lsp->fullname - 1 <=3D strlen(p) + strlen(name)) | return ENAMETOOLONG; | - strcpy(fullname, p); | - strcat(fullname, "/"); | - strcat(fullname, name); | + strcpy(lsp->fullname, p); | + strcat(lsp->fullname, "/"); | + strcat(lsp->fullname, name);
Why not:
snprintf(lsp->fullname, sizeof(lsp_fullname), "%s/%s", p, name);
and remove more code... From another post today: /* ** We avoid using snprintf since it's not available on all systems. */
-- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
-- Jonathan Leffler <jonathan.leffler@gmail.com> #include <disclaimer.h> Guardian of DBD::Informix - v2015.1101 - http://dbi.perl.org "Blessed are we who can laugh at ourselves, for we shall never cease to be amused."