From: Stuart Henderson <stu@spacehopper.org>
Subject: Re: Patching libgnat with strlcpy and strlcat to remove warnings
To: ZenitDS <zenitds@proton.me>, Theo de Raadt <deraadt@openbsd.org>, "ports@openbsd.org" <ports@openbsd.org>
Date: Mon, 23 Mar 2026 17:50:25 +0000

On 2026/03/23 14:38, Stuart Henderson wrote:
> > +-    strcpy (tmp_filename, "/tmp/gnat-XXXXXX");
> > ++    assert(strlcpy (tmp_filename, "/tmp/gnat-XXXXXX",
> > ++                    __gnat_max_path_len) < (unsigned int) __gnat_max_path_len);
> > + #endif
> > +   else
> > +-    sprintf (tmp_filename, "%s/gnat-XXXXXX", tmpdir);
> > ++    assert(snprintf (tmp_filename, __gnat_max_path_len,
> > ++                     "%s/gnat-XXXXXX", tmpdir) < __gnat_max_path_len);
> > + 
> > +   close (mkstemp(tmp_filename));
> 
> am I being stupid or is this code totally broken?

posix says this (which we do)...

    "The mkstemp() function shall replace the contents of the string pointed
    to by template by a unique filename, and return a file descriptor for
    the file open for reading and writing"

so this is a) not actually broken but b) wtf?!

I suppose it does ensure that the file is created with correct
ownership, though it seems like a case where the last paragraph of
our mktemp(3) EXAMPLES might be a better choice