But if you tokenize your input and don't care about the length of the
tokens, it often doesn't really make sense passing around the size of
the strings handled. I agree that you know the lengths most of the time,
but if buffer handling is the only reason passing these values around
and keeping them up-to-date, it is often easier to discard them and
calculate them if needed.
----------
$ uname -a
SunOS anduril 5.10 Generic_118833-03 sun4u sparc SUNW,Sun-Blade-1000
$ man strlcpy
The strlcpy() function copies at most dstsize-1 characters
(dstsize being the size of the string buffer dst) from src
to dst, truncating src if necessary. The result is always
null-terminated. The function returns strlen(src). Buffer
overflow can be checked as follows:

if (strlcpy(dst, src, dstsize) >= dstsize)
return -1;
--------

So strlcpy returns the size of the input string and it gives you the
opportunity to resize the buffer if needed. So no data will be lost, and
here is nothing sloppy...

E.g.:
char *buffer; /* your buffer */
size_t bufsize; /* current size of the buffer */

while (strlcpy(buffer,src,bufsize) >= bufsize) {
buffer = realloc(buffer, bufsize += getpagesize());
assert(buffer);
}

This way of implementation is especially useful, if you can guess a
buffersize that is big enough for 99% of all cases. The missing cases
then can easily be handled like shown above. And don't forget that you
will need a struct or pointers to return a token from a function that
consists of char * and size_t. Using only char * can make things easier.

But this is probably also a matter of style.

Cheers,
Tom

Since strlcpy() also tells it did do some chopping, such error
conditions are easily verified.

Memcpy() leads to a mess which is hard to verify as being correct;
strlcat() and strlcpy() allow easy coding with easy error handling.

Snprintf(), strl*() return the amount of space actually needed; *not*
so you can just discard the remainder but so that you can bail out
when it returns a value larger than the buffer size.

Casper

If you know the maximum size of your strings and act accordingly, you
won't get any overflows. Please reread my posting and don't cut away the
important parts.
Of course not. If you don't know how much you will get, you always have
to allocate a block and see if it is enough. If it isn't you must
realloc and then continue reading. There are of course also other valid
approaches.
I didn't invent strlcpy. It has been there since many years in the
*BSDs. Please read the discussion about strlcpy yourself, the comment of
Casper Dik in this thread, and my comment how strlcpy can safely handle
certain situations and ease implementation at the same time.
I know about security. You don't have to point me at something I am
really aware of. If you had read my posting more closely and not only
objected to me complaining that Linux is missing something, then you
would have seen that I _do_ care about security.

BTW: security is only really important if you have to handle untrusted
data. My observation came up when I wrote a program that handles user
input. Additionally, there are many applications that must be written in
C and cannot employ C++ std::string, an arbitrary third party string
handling library or something similar. C++ std::string is obviously
superior, but if you must not link against the C++ library, this way is
obviously not an option.