I've seen some posters stating that strdup is evil. Is there a consensus on this? I've used it without any guilty feelings and can see no reason why it is wo
I think the majority of the concern about strdup comes from security concerns regarding buffer overruns and improperly formatted strings. If a non-null-terminated string is passed to strdup, it can allocate an undefined-length string. I don't know if this can be specifically leveraged into an attack, but in general it is good secure coding practice to only use string functions which take a maximum length instead of relying on the null character alone.
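A length-bounded alternative to strdup for fixed-width fields, as an added example that is not part of the original thread. The names `struct record`, `dup_bounded` and `dup_strict` are hypothetical, and the sample record is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample layout: a fixed-width field that is not guaranteed
 * to be NUL-terminated, followed by unrelated data. */
struct record {
    char name[8];
    char tag[4];
};

/* Copy at most cap bytes of buf, stopping at the first NUL if present.
 * The result is always NUL-terminated. Returns NULL on allocation failure. */
char *dup_bounded(const char *buf, size_t cap)
{
    const char *nul = memchr(buf, '\0', cap);
    size_t len = nul ? (size_t)(nul - buf) : cap;
    char *out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, buf, len);
    out[len] = '\0';
    return out;
}

/* Stricter policy: treat a missing terminator as malformed input. */
char *dup_strict(const char *buf, size_t cap)
{
    if (memchr(buf, '\0', cap) == NULL)
        return NULL;
    return dup_bounded(buf, cap);
}

int main(void)
{
    struct record r;
    memcpy(r.name, "ABCDEFGH", sizeof r.name); /* fills all 8 bytes, no NUL */
    memcpy(r.tag, "XYZ", sizeof r.tag);        /* 3 chars plus NUL */

    /* strdup(r.name) would keep reading past name[] looking for a NUL. */
    char *name = dup_bounded(r.name, sizeof r.name);
    char *bad = dup_strict(r.name, sizeof r.name);
    char *tag = dup_strict(r.tag, sizeof r.tag);
    printf("name=%s strict(name)=%s tag=%s\n", name ? name : "(alloc failed)",
           bad ? bad : "(rejected)", tag ? tag : "(rejected)");
    free(name); free(bad); free(tag);
    return 0;
}
```

`dup_bounded` truncates at the field boundary, while `dup_strict` refuses input that has no terminator inside the field; which policy fits depends on whether an unterminated field is valid in the format being parsed.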