# HG changeset patch
# User Sascha Wilde <wilde@intevation.de>
# Date 1395673787 -3600
# Node ID b026e6d2a1618e86b531bb339578a6ff9b9ce09d
# Parent  5fa4791d6d0e1c45cfb1a361b6ab44aaa0a5e1dc
Make flawfinder (a bit more) happy.

diff -r 5fa4791d6d0e -r b026e6d2a161 common/strhelp.c
--- a/common/strhelp.c	Mon Mar 24 15:36:12 2014 +0100
+++ b/common/strhelp.c	Mon Mar 24 16:09:47 2014 +0100
@@ -5,6 +5,17 @@
 #include <string.h>
 #include <assert.h>
 
+/* Remarks regarding the "Flawfinder: ignore" comments in this file:
+ *
+ * - strlen:
+ *
+ *   It's true that strlen might crash if input is not null
+ *   terminated.  But by design there is not safe way to get the
+ *   length of an string in C, and defining an additional length
+ *   parameter for string parameter will only transfere the problem to
+ *   the caller.
+ */
+
 static void
 out_of_core(void)
 {
@@ -107,8 +118,8 @@
 bool
 str_equal (char *s1, char *s2)
 {
-  size_t l1 = strlen(s1);
-  size_t l2 = strlen(s2);
+  size_t l1 = strlen(s1);       /* Flawfinder: ignore */
+  size_t l2 = strlen(s2);       /* Flawfinder: ignore */
   if ((l1 == l2) &&
       (strcmp(s1, s2) == 0))
     return true;
@@ -119,7 +130,8 @@
 bool
 str_starts_with (char *s1, char *s2)
 {
-  if (strncmp(s1, s2, strlen(s2)) == 0)
+  size_t l2 = strlen(s2);       /* Flawfinder: ignore */
+  if (strncmp(s1, s2, l2) == 0)
     return true;
   else
     return false;
@@ -133,7 +145,7 @@
     {
       while (isspace(**s))
         (*s)++;
-      i = strlen(*s);
+      i = strlen(*s);           /* Flawfinder: ignore */
       while (isspace((*s)[--i]))
         (*s)[i] = '\0';
     }