I tried out a "security checker" today that supposedly looks for
security-related properties of code. It mostly produced nonsense, but
it did find this: in sound.c, line 645, we do a strcpy. We are copying
into a stack buffer of fixed size (255 bytes). We are copying from
h->h_name, where h is a struct hostent * returned by gethostbyname().
Do we actually know that h->h_name must be 254 (+ 1 null terminator)
characters long or less? I don't see anything on the gethostbyname man
page that so indicates.
--
Jerry James, Assistant Professor james(a)xemacs.org
Computer Science Department
http://www.cs.usu.edu/~jerry/
Utah State University
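Added example, not part of the message above or of the XEmacs sources: a bounded replacement for the strcpy pattern Jerry describes (fixed 255-byte stack buffer filled from h->h_name), which refuses names that would not fit instead of relying on gethostbyname() to bound them. The function names, NAMEBUF_SIZE and the hostent values are assumptions constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#include <netdb.h>

#define NAMEBUF_SIZE 255  /* the stack buffer size quoted in the message */

/* Copy src into dst[dstsz] with an explicit bound. Returns 0 on success,
 * -1 if src (plus its terminator) does not fit. Never writes past dst and
 * always leaves dst NUL-terminated, unlike the original strcpy. */
int copy_hostname_bounded(char *dst, size_t dstsz, const char *src)
{
    const char *end;
    size_t n;

    if (dstsz == 0 || src == NULL)
        return -1;
    /* Scan at most dstsz bytes for the terminator; memchr is ISO C. */
    end = memchr(src, '\0', dstsz);
    if (end == NULL) {            /* no terminator within dstsz: too long */
        dst[0] = '\0';
        return -1;
    }
    n = (size_t)(end - src);
    memcpy(dst, src, n + 1);      /* n + 1 <= dstsz, terminator included */
    return 0;
}

/* The hostent-based call site, minus the DNS lookup: a NULL hostent or
 * h_name (failed lookup) is rejected rather than dereferenced. */
int copy_from_hostent(char *dst, size_t dstsz, const struct hostent *h)
{
    if (h == NULL || h->h_name == NULL)
        return -1;
    return copy_hostname_bounded(dst, dstsz, h->h_name);
}

int main(void)
{
    char buf[NAMEBUF_SIZE];
    char longname[400];                 /* constructed over-long h_name */
    struct hostent h;

    memset(longname, 'a', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';
    memset(&h, 0, sizeof h);
    h.h_name = longname;
    printf("over-long name: rc=%d\n", copy_from_hostent(buf, sizeof buf, &h));
    h.h_name = "host.example";          /* constructed normal h_name */
    printf("short name: rc=%d buf=%s\n",
           copy_from_hostent(buf, sizeof buf, &h), buf);
    return 0;
}
```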