strncpy

Hence they don't like strncpy(), but what they really mean is that they shouldn't have been considering strncpy() in the first place.

Write a two line function to do it for you, and use that function in place of strncpy.

You'd be mad to use strncpy when better alternatives are so easy to find or create.

No one claims that strncpy is 'safe' they just say 'safer', that is, less likely than normal strcpy to have catastrophic bugs.

People keep on misusing strncpy which is why people keep blogging about it.

There is a very simple, efficient solution: always put a null termination character in the end position of the destination after the strncpy().

And I think that claim stands up: make sure your n in strncpy is the length of your buffer, do a strncpy, write a null at the end of the buffer.

It's a shame that strncpy doesn't have the semantics of OpenBSD's strlcpy, which I think behaves as everyone would expect.

Also, strncpy pads the destination with nulls, if there is remaining space.

The fact that strncpy zeros the buffer may make it slower.

I've even seen things like strncpy(dest, src, strlen(src)); which is certainly no safer than strcpy().

Calling strncpy and then manually null-terminating is not a good alternative.

Because of this, the evident purpose of strncpy is to fill fixed-width text fields in "old school" fixed-field database records.

I presume this link was posted here as a result of my recent comment on the "Don't Learn C the Wrong Way" article, which recommends strncpy() and strlcpy() as safer alternatives to strcpy().

So strncpy(dst, src, size_dst); becomes snprintf(dst, size_dst, "%s", src); Checking for partial copy is not ideal though, snprintf returns the number of bytes it would have copied had the destination buffer been infinite excluding the final NUL byte.

There's very little known "for sure", and it doesn't compare to the kind of experience we have building a bridge (there are people who can make really good arguments that mutability is "unsafe" for customers, or that strcpy vs strncpy, or hell, C being used at all).