{
char src[] = "Those who dare to fail miserably can achieve greatly.";
char dst[100], old_dst[100];
- int indicator;
+ int indicator, i;
size_t s1size = sizeof (dst); // including null
errno_t err;
return -1;
/* n > string len of src */
+ err = clib_memset (dst, 1, sizeof (dst));
+ if (err != EOK)
+ return -1;
+
err = strncpy_s (dst, s1size, src, clib_strnlen (src, sizeof (src)) + 10);
if (err != EOK)
return -1;
if (indicator != 0)
return -1;
+ /* Make sure bytes after strlen(dst) is untouched */
+ for (i = 1 + clib_strnlen (dst, sizeof (dst)); i < sizeof (dst); i++)
+ if (dst[i] != 1)
+ return -1;
+
/* truncation, n >= dmax */
err = strncpy_s (dst, clib_strnlen (src, sizeof (src)), src,
clib_strnlen (src, sizeof (src)));
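Review bot: The new "tail untouched" loop quietly passes if strncpy_s ever leaves dst without a terminator: clib_strnlen then returns sizeof (dst), the loop body never runs, and the exact failure this test exists to catch (an unterminated bounded copy) goes unnoticed. Before the loop I would pin termination explicitly, e.g. `if (clib_strnlen (dst, sizeof (dst)) == sizeof (dst)) return -1;`, unless the lines that set `indicator` (not visible between the strncpy_s call and its check here) already do so. While touching it, `i` is declared `int` but is compared against `sizeof (dst)` and assigned from clib_strnlen, so `size_t i;` avoids the signed/unsigned comparison warning. The check as written also documents that the bytes past the terminator keep their old contents, so callers must not rely on this API to scrub the remainder of dst. The enclosing test function begins and ends outside this hunk.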
* In order to provide smooth mapping from unsafe string API to the clib string
* macro, we often have to improvise s1max and s2max due to the additional
* arguments are required for implementing the safe API. This macro is used
- * to provide the s1max/s2max. It is not perfect becuase the actual
+ * to provide the s1max/s2max. It is not perfect because the actual
* s1max/s2max may be greater than 4k and the mapping from the unsafe API to
* the macro would cause a regression. However, it is not terribly likely.
* So I bet against the odds.
}
}
else
- m = n;
+ /* cap the copy to strlen(src) in case n > strlen(src) */
+ m = clib_strnlen (src, n);
/* Check for src/dst overlap, which is not allowed */
low = (uword) (src < dest ? src : dest);