On Mon, Dec 21, 2015 at 03:47:56PM -0500, Tom Lane wrote:
> 1. Using strlcpy to copy from sources that are not known null-terminated
> is outright unsafe: someday, you'll fall off the end of memory and
> SIGSEGV.
>
> 2. Even with a known null-terminated string, using strlcpy to chop small
> pieces out of it is not bright, because each call will traverse all the
> rest of the input. This means for example that extracting N words out
> of a long string will spend O(N^2) time in strlcpy.
Good points.