I am stuck fixing some legacy RAID code (Yes, I pulled the shortest straw).
Here's a snippet of code I found.
```c
#include <string.h>   /* strlcat: BSD libc, macOS, glibc 2.38+ */

#define FLAG_LENGTH 256

/* Comment in the legacy code says the size is 1 less "for a good reason". */
char str[FLAG_LENGTH-1];
/* Size argument is FLAG_LENGTH, one more than the array holds.
   (Legacy code passed &str, a char (*)[255]; strlcat takes a char *.) */
strlcat(str, source_ptr, FLAG_LENGTH);
```
There is a comment right above the str declaration which says the size was 1 less for a good reason, but the generous comment writer hasn't mentioned the "good reason".
If I understand the implementation of strlcat correctly, it NUL-terminates all strings no matter what, and as the size is 256 it would add it at the 256th character, i.e. index 255, of a string of size 255, i.e. last index 254. Aren't we overflowing the string?? Or is there some hidden genius in doing this (asking purely based on the comment)?
Yes, this code is dangerously wrong. There's really nothing else to say. I'm guessing somebody accidentally wrote -1 instead of +1, but there's no reason for any discrepancy between the size of the array and the size passed to strlcat.

By the way, I think this kind of bug serves as a great example of why magical "safe" string interfaces are no panacea. Writing solid code requires not being an idiot. Language or library features will not protect you from your own stupidity.
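To make the answer concrete, here is an added example (not code from the question or the answer) that measures exactly which byte strlcat's terminating NUL lands on for a given size argument, and shows the pattern that avoids the mismatch: pass sizeof the array, and use the return value to detect truncation. It carries its own strlcat with OpenBSD semantics, here named my_strlcat, so it builds on libcs that lack strlcat; the helper names, the canary-filled measuring buffer and the sample flag parts are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FLAG_LENGTH 256

/* Reference strlcat with OpenBSD semantics (assumed here so the example
 * builds everywhere): appends src to dst, always NUL-terminates when
 * dstsize > 0, never writes past dst[dstsize - 1], and returns the length
 * it tried to create (strlen(dst) + strlen(src)). A return value >= dstsize
 * means the result was truncated. */
static size_t my_strlcat(char *dst, const char *src, size_t dstsize)
{
    size_t dlen = 0;
    while (dlen < dstsize && dst[dlen] != '\0')
        dlen++;
    size_t slen = strlen(src);
    if (dlen == dstsize)            /* no NUL inside dst: append nothing */
        return dstsize + slen;
    size_t room = dstsize - dlen - 1;   /* bytes left, minus the NUL */
    size_t ncopy = slen < room ? slen : room;
    memcpy(dst + dlen, src, ncopy);
    dst[dlen + ncopy] = '\0';
    return dlen + slen;
}

/* Constructed input: a source string far longer than any flag buffer. */
static const char *long_source(void)
{
    static char big[FLAG_LENGTH + 44];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    return big;
}

/* Runs my_strlcat with the given dstsize on an empty string and reports the
 * highest index it wrote. The backing buffer has slack beyond FLAG_LENGTH
 * so the measurement itself stays in bounds; the legacy snippet has no such
 * slack, so an index of dstsize - 1 on a (dstsize - 1)-byte array is a
 * one-byte overflow. Returns (size_t)-1 if dstsize is larger than measurable. */
static size_t highest_byte_touched(size_t dstsize, const char *src)
{
    char backing[FLAG_LENGTH + 16];
    if (dstsize > FLAG_LENGTH)
        return (size_t)-1;
    memset(backing, 0x7F, sizeof backing);  /* canary byte */
    backing[0] = '\0';                       /* start from "" */
    my_strlcat(backing, src, dstsize);
    size_t last = 0;
    for (size_t i = 0; i < sizeof backing; i++)
        if (backing[i] != 0x7F)
            last = i;
    return last;
}

/* Correct usage pattern: one bufsize that is the real size of buf, and the
 * return value checked after every append. Returns how many parts were
 * appended in full before truncation; buf is always NUL-terminated. */
static int build_flag(char *buf, size_t bufsize,
                      const char *const *parts, int nparts)
{
    if (bufsize == 0)
        return 0;
    buf[0] = '\0';
    for (int i = 0; i < nparts; i++) {
        if (my_strlcat(buf, parts[i], bufsize) >= bufsize)
            return i;               /* truncated: caller decides what to do */
    }
    return nparts;
}

/* Use on arrays only; on a pointer sizeof gives the pointer size. */
#define STRLCAT_BUF(buf, src) my_strlcat((buf), (src), sizeof(buf))

/* Builds the constructed parts "RAID", ":", "vol0" into a buffer that is
 * treated as bufsize bytes long (capped at FLAG_LENGTH). */
static int build_demo(size_t bufsize)
{
    static const char *const parts[] = { "RAID", ":", "vol0" };
    char buf[FLAG_LENGTH];
    if (bufsize > sizeof buf)
        bufsize = sizeof buf;
    return build_flag(buf, bufsize, parts, 3);
}

int main(void)
{
    char flag[FLAG_LENGTH];
    flag[0] = '\0';
    printf("size %d -> last byte written at index %zu\n",
           FLAG_LENGTH, highest_byte_touched(FLAG_LENGTH, long_source()));
    printf("size %d -> last byte written at index %zu\n",
           FLAG_LENGTH - 1, highest_byte_touched(FLAG_LENGTH - 1, long_source()));
    printf("parts appended into %d bytes: %d\n", FLAG_LENGTH, build_demo(FLAG_LENGTH));
    printf("parts appended into 6 bytes: %d\n", build_demo(6));
    printf("truncated: %s\n", STRLCAT_BUF(flag, long_source()) >= sizeof flag ? "yes" : "no");
    return 0;
}
```

With a size argument of 256, the terminating NUL is written at index 255, which is one past the end of a 255-byte array; with 255 it lands at index 254. The only safe relationship is dstsize == sizeof the array, and the return value is what tells you the data did not fit.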