# HG changeset patch
# User Sascha Wilde <wilde@intevation.de>
# Date 1395673826 -3600
# Node ID dc9970d7b9bf51bd2dcfe422379493f6a051633b
# Parent  b026e6d2a1618e86b531bb339578a6ff9b9ce09d# Parent  52993db093f48860e15a8970665f93f2c3bb4fa8
Merged

diff -r 52993db093f4 -r dc9970d7b9bf common/strhelp.c
--- a/common/strhelp.c	Mon Mar 24 16:06:50 2014 +0100
+++ b/common/strhelp.c	Mon Mar 24 16:10:26 2014 +0100
@@ -5,6 +5,17 @@
 #include <string.h>
 #include <assert.h>
 
+/* Remarks regarding the "Flawfinder: ignore" comments in this file:
+ *
+ * - strlen:
+ *
+ *   It's true that strlen might crash if input is not null
+ *   terminated.  But by design there is not safe way to get the
+ *   length of an string in C, and defining an additional length
+ *   parameter for string parameter will only transfere the problem to
+ *   the caller.
+ */
+
 static void
 out_of_core(void)
 {
@@ -107,8 +118,8 @@
 bool
 str_equal (char *s1, char *s2)
 {
-  size_t l1 = strlen(s1);
-  size_t l2 = strlen(s2);
+  size_t l1 = strlen(s1);       /* Flawfinder: ignore */
+  size_t l2 = strlen(s2);       /* Flawfinder: ignore */
   if ((l1 == l2) &&
       (strcmp(s1, s2) == 0))
     return true;
@@ -119,7 +130,8 @@
 bool
 str_starts_with (char *s1, char *s2)
 {
-  if (strncmp(s1, s2, strlen(s2)) == 0)
+  size_t l2 = strlen(s2);       /* Flawfinder: ignore */
+  if (strncmp(s1, s2, l2) == 0)
     return true;
   else
     return false;
@@ -133,7 +145,7 @@
     {
       while (isspace(**s))
         (*s)++;
-      i = strlen(*s);
+      i = strlen(*s);           /* Flawfinder: ignore */
       while (isspace((*s)[--i]))
         (*s)[i] = '\0';
     }