[PATCH] weston-launch: Fixed TTY switching

Daniel Stone daniel at fooishbar.org
Wed Apr 8 14:35:53 PDT 2015

On Wednesday, April 8, 2015, Bill Spitzak <spitzak at gmail.com> wrote:

> On 04/07/2015 05:03 PM, Bryce Harrington wrote:
>> I'm sure this is not going to ever be a problem since tty filenames and
>> paths are on the short side, but since the tty string is an input
>> parameter to this routine, it would be better defensive programming to
>> use strncpy.
> strncpy is not a fix and should never be used.
> That is because the proper invocation is:
>         strncpy(dest, len-1, src); dest[len-1] = 0;
> This is almost always done incorrectly, and even when correct it is hard
> to read and it wastes time filling the buffer with 0 when only the first 0
> needs to be written.
> The best solution is to use strlcpy.
> If politics make that impossible, use snprintf(dest, len, "%s", src) which
> is exactly the same as strlcpy, including the return value! (imagine
> that...)

It's not the politics, it's that silently truncating a filename you're
hoping to use will at best pick a non-existent file, and at worst pick a
totally different/unrelated file.

Unless truncation is explicitly acceptable
(indicative/non-authoritative strings in UI), strlcpy and other
silently-truncating copies are actively harmful, and a potential security

To be honest though, I'd prefer the library entrypoint existed so the
intention was clear, making it easier to audit for and spot this horrendous

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/wayland-devel/attachments/20150408/89cfcca8/attachment.html>

More information about the wayland-devel mailing list