std.file functions and embedded NUL characters [CWE-158]

Steven Schveighoffer schveiguy at gmail.com
Fri Aug 1 18:13:57 UTC 2025


On Friday, 1 August 2025 at 17:53:17 UTC, Steven Schveighoffer 
wrote:
> If instead you check every character, you will change to a for 
> loop, which will be slow.
>
> I think the right answer here is to use 
> [strncpy](https://cplusplus.com/reference/cstring/strncpy/). 
> According to the docs, strncpy will copy up to N characters. 
> But if a NUL character is reached before end of the string, 
> then it zeroes the rest of the buffer. This means we can detect 
> whether a 0 was inside the string by checking the last byte 
> copied.

https://github.com/dlang/phobos/issues/10836

Would be quite an easy fix if someone wants to tackle it.

-Steve
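
The strncpy check described in the quoted text, written out in C as an added example (not code from this post or from Phobos). The function name `slice_to_cstr`, its return codes and the sample strings are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical return codes for this example. */
enum { CSTR_OK = 0, CSTR_EMBEDDED_NUL = -1, CSTR_TOO_LONG = -2 };

/*
 * Copy the length-delimited slice src[0..len) into dst as a C string.
 * src need not be NUL-terminated: strncpy reads at most len bytes.
 * If strncpy meets a NUL before len bytes are copied, it zero-fills the
 * rest of dst[0..len), so dst[len-1] == 0 means a NUL was somewhere in
 * the slice (including at its very last byte).
 */
static int slice_to_cstr(const char *src, size_t len, char *dst, size_t cap)
{
    if (len >= cap)                 /* need room for the terminator */
        return CSTR_TOO_LONG;

    strncpy(dst, src, len);

    if (len > 0 && dst[len - 1] == '\0') {
        dst[0] = '\0';              /* do not hand back a truncated name */
        return CSTR_EMBEDDED_NUL;
    }

    dst[len] = '\0';                /* strncpy did not terminate for us */
    return CSTR_OK;
}

int main(void)
{
    char buf[32];
    /* Constructed sample: 15 bytes with a NUL in the middle. */
    static const char sample[] = "report.txt\0.bak";

    printf("clean slice   -> %d\n",
           slice_to_cstr("report.txt", 10, buf, sizeof buf));
    printf("embedded NUL  -> %d\n",
           slice_to_cstr(sample, sizeof sample - 1, buf, sizeof buf));
    return 0;
}
```

The single comparison after the copy replaces a per-character scan; the rejected slice would otherwise reach the C API as the shorter name "report.txt".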


More information about the Digitalmars-d mailing list