If strncpy is so dangerous, why does Visual Studio 2005 still support it?

Raymond Chen

Raymond

In response to the news that strncpy is so dangerous, at least one person has called for Visual Studio to revoke support for such a dangerous function, considering the continued support for the function grounds for holding the compiler manufacturer liable for any defects in programs compiled with that compiler. Well, for one thing, while it’s true that strncpy is dangerous if used improperly, it is still a valid function, and my original discussion explained the history behind strncpy and the very specific scenario in which it is still useful. It just so happens that most people don’t use the function in the manner it was intended, but instead treat it as a sort of “copy string with a character limit” function, which it isn’t really. For another thing, just because something is dangerous doesn’t mean it shouldn’t be supported. Pointers and casts are dangerous, but I don’t see them disappearing from C or C++ any time soon.

Third, support for strncpy is mandated by the C standard. If you removed it, you couldn’t call yourself a C compiler any more. (Not to mention breaking compatibility with existing source code that uses the strncpy function. How would you like it if you bought a so-called C compiler and found that it couldn’t compile a large class of valid C programs?)

0 comments

Comments are closed.