From owner-freebsd-hackers Wed Feb 12 09:31:39 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id JAA12826 for hackers-outgoing; Wed, 12 Feb 1997 09:31:39 -0800 (PST)
Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id JAA12814 for ; Wed, 12 Feb 1997 09:31:35 -0800 (PST)
Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id KAA00750; Wed, 12 Feb 1997 10:25:31 -0700
From: Terry Lambert
Message-Id: <199702121725.KAA00750@phaeton.artisoft.com>
Subject: Re: strlen() question
To: danny@panda.hilink.com.au (Daniel O'Callaghan)
Date: Wed, 12 Feb 1997 10:25:31 -0700 (MST)
Cc: hackers@freebsd.org
In-Reply-To: from "Daniel O'Callaghan" at Feb 12, 97 06:04:59 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Below is the code for strlen() from libc. It is extremely simple, and
> fast. Is it really safe to assume that strlen() will never exceed process
> memory bounds before striking a '\0'? Or should there be a strnlen()
> function in libc for checking the length of suspicious strings?

[ ... code elided ... ]

Yes. It is safe. If the string travels beyond the address space of the
process, the process will fail in a deterministic manner.

PS: You are required to pass only NULL terminated strings to strlen();
that is the definition of its interface.

Regards,
Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
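
The bounded scan the question asks about, as an added example that is not part of the original message or of FreeBSD's libc: it checks that an untrusted fixed-size field really contains a terminator before the field is treated as a C string. The names `bounded_len` and `copy_field` are hypothetical, and the 8-byte fields are constructed sample data.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: length of s, scanning at most max bytes.
 * Returns max if no '\0' was found within the bound (the same
 * contract as strnlen, written with memchr so it builds anywhere). */
size_t bounded_len(const char *s, size_t max)
{
    const char *nul = memchr(s, '\0', max);
    return nul ? (size_t)(nul - s) : max;
}

/* Hypothetical helper: copy an untrusted fixed-size field into dst as
 * a proper C string. Returns 0 on success, -1 if the field has no
 * terminator inside its bound or does not fit in dst. */
int copy_field(char *dst, size_t dstsz, const char *field, size_t fieldsz)
{
    size_t n = bounded_len(field, fieldsz);

    if (n == fieldsz)   /* no '\0' inside the field: reject it */
        return -1;
    if (n >= dstsz)     /* would not fit together with its terminator */
        return -1;
    memcpy(dst, field, n);
    dst[n] = '\0';
    return 0;
}

/* Constructed sample input: 8-byte name fields as they might arrive
 * from a file or the network. The second one has no terminator, so an
 * unbounded strlen() on it would run past the end of the array. */
static const char good_field[8] = { 'r', 'o', 'o', 't', '\0', 'x', 'x', 'x' };
static const char bad_field[8]  = { 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A' };

int main(void)
{
    char name[8];
    int ok  = copy_field(name, sizeof name, good_field, sizeof good_field);
    int bad = copy_field(name, sizeof name, bad_field, sizeof bad_field);

    /* Exit status 0 when the good field is accepted and the bad one refused. */
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```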