The code uses strcpy to write data in an error buffer passed at runtime, but there is no way for the caller to know the buffer size that will be needed.
Using this feature is thus insecure, even if it can be worked around by using absurdly large buffers.
The strncpy function would require C99, same for memcpy. I do not know if C98 have any way of doing this safely.
The code uses
strcpyto write data in an error buffer passed at runtime, but there is no way for the caller to know the buffer size that will be needed.Using this feature is thus insecure, even if it can be worked around by using absurdly large buffers.
The
strncpyfunction would require C99, same formemcpy. I do not know if C98 have any way of doing this safely.