Comment by WalterBright

1 day ago

Whenever I review C code, I always look for the string functions. About 90% of the time, I find a bug in it. The bug is always about forgetting to account for the terminating 0 byte.

The functions strncpy, snprintf, strncat, are fountains of bugs.

P.S. For these reasons I have abandoned the "n" functions, such as strncpy, strncat, etc.

I still use snprintf, though, because it is so darned useful. But I wrap it up in another function after carefully ensuring it is called correctly.
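An added example, not part of the comment above and not the commenter's own code: it shows the terminating 0 byte going missing after `strncpy` when the source exactly fills the buffer, and one possible shape for a checked `snprintf` wrapper. The names `strncpy_left_unterminated`, `fmt_checked` and `fits_in_8` are hypothetical, and the 8-byte buffers and input strings are constructed for the demonstration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if strncpy left an 8-byte destination without a 0 byte. */
int strncpy_left_unterminated(const char *src)
{
    char dst[8];
    memset(dst, 'X', sizeof dst);      /* poison so a missing 0 is visible */
    strncpy(dst, src, sizeof dst);     /* the classic call: n == sizeof dst */
    return memchr(dst, '\0', sizeof dst) == NULL;
}

/* Hypothetical wrapper: returns 0 only if the formatted text and its
 * terminator both fit; -1 on bad arguments, encoding error or truncation.
 * dst is terminated on every path where size > 0. */
int fmt_checked(char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || size == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, size, fmt, ap);
    va_end(ap);
    if (n < 0) {                       /* encoding error */
        dst[0] = '\0';
        return -1;
    }
    /* n excludes the 0 byte, so n == size already means truncation. */
    return ((size_t)n >= size) ? -1 : 0;
}

/* Formats s into an 8-byte buffer and reports whether it fit. */
int fits_in_8(const char *s)
{
    char buf[8];
    return fmt_checked(buf, sizeof buf, "%s", s);
}

int main(void)
{
    printf("strncpy, 7 chars, unterminated: %d\n", strncpy_left_unterminated("1234567"));
    printf("strncpy, 8 chars, unterminated: %d\n", strncpy_left_unterminated("12345678"));
    printf("fmt_checked, 7 chars: %d\n", fits_in_8("1234567"));
    printf("fmt_checked, 8 chars: %d\n", fits_in_8("12345678"));
    return 0;
}
```

The off-by-one sits at the boundary: a 7-character string is fine in both cases, while an 8-character string leaves `strncpy`'s destination unterminated and makes the wrapper report truncation.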