From: Scot T Brennecke on
strncpy is not one of the more dangerous ones, because it uses a specific count. strcpy, strcat,
and sprintf have no such built-in protection for limiting the number of characters stuffed in the
array, and can easily overrun the buffer.

"Kurt Grittner" <grittkmg_NO_SPAM_(a)mailbag.com> wrote in message
news:qv1rc1l2c42b0s6g4oqbi73gofmfbtrka2(a)4ax.com...
> Hi Scot,
>
> On platforms like the TI 54x family of DSPs there is no STL because the
> compiler is C, not C++. When I use these sorts of functions it's
> always something like this:
>
> (where pml is a pointer to a structure)
>
> memset(pml->FixedLenItem, 0, sizeof(pml->FixedLenItem));
> strncpy(pml->FixedLenItem, lpszNewValue, sizeof(pml->FixedLenItem)-1);
>
> This leaves nice clean zeros in the unused bytes, makes sure that the
> dest is terminated, and avoids overrunning the destination allocation.
>
> -Kurt
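
The following is an added example, not part of either post: it contrasts the memset plus strncpy(size-1) idiom quoted above with a strncpy call that uses the full field size, which stays in bounds but leaves no terminator when the source is too long. The struct layout, ITEM_LEN, the function names and the input strings are assumptions made for the demo.

```c
#include <stdio.h>
#include <string.h>

#define ITEM_LEN 8                       /* assumed field size for the demo */

/* Hypothetical record standing in for the structure pml points to. */
struct record {
    char FixedLenItem[ITEM_LEN];
    char guard;                          /* sentinel: must never change */
};

/* Returns 1 if the buffer contains a terminator within its size. */
int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* The quoted idiom: zero the field, then copy at most size-1 bytes.
 * Returns 1 if the source had to be truncated, 0 if it fit. */
int copy_fixed(char *dst, size_t dstsize, const char *src)
{
    if (dstsize == 0)
        return 1;                        /* nothing can be stored */
    memset(dst, 0, dstsize);
    strncpy(dst, src, dstsize - 1);      /* last byte stays 0 from memset */
    return strlen(src) >= dstsize;
}

/* strncpy with the full size: bounded, but not terminated when the
 * source has dstsize or more characters. Returns is_terminated(). */
int copy_full_count(char *dst, size_t dstsize, const char *src)
{
    memset(dst, 'X', dstsize);           /* simulate stale field contents */
    strncpy(dst, src, dstsize);
    return is_terminated(dst, dstsize);
}

int main(void)
{
    struct record r;
    const char *long_value = "0123456789ABCDEF";   /* constructed input */
    int truncated, terminated;

    r.guard = 0x5A;
    truncated = copy_fixed(r.FixedLenItem, sizeof r.FixedLenItem, long_value);
    printf("idiom: \"%s\" truncated=%d\n", r.FixedLenItem, truncated);
    terminated = copy_full_count(r.FixedLenItem, sizeof r.FixedLenItem, long_value);
    printf("full count: terminated=%d guard intact=%d\n", terminated, r.guard == 0x5A);
    return 0;
}
```

The return value of copy_fixed lets the caller notice silent truncation, which strncpy alone does not report.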