>>>>> On 2021-04-27 11:57:03 +0300, Sergey Bugaev wrote:
>>>>> On Mon, Apr 26, 2021 at 11:10 PM Samuel Thibault wrote:

 >> Err, but wouldn’t the compiler be able to determine that the size was
 >> properly computed, and avoid emitting a false-positive warning?

 > It is my understanding, based on
 > https://gcc.gnu.org/bugzilla//show_bug.cgi?id=88059, that GCC does
 > not do any sophisticated analysis here, and just warns about any case
 > where the specified length depends on the source size.  Which makes
 > sense to me, because either the destination buffer size depends on
 > the source string length, in which case you can be sure it fits and
 > don’t need strncpy, or it does not depend on the source string
 > length, in which case the string might not fit and you’d use strncpy,
 > passing the destination buffer size.

Note that once the string lengths are known, neither strcpy nor
strcat are necessary, for memcpy is sufficient (and likely
measurably faster.)  See, e. g., [1].

[1] http://gnu.org/software/libc/manual/html_node/Concatenating-Strings.html

[…]

 > stow.c:290:7: warning: ‘strncpy’ output truncated before terminating
 > nul copying as many bytes from a string as its length
 > [-Wstringop-truncation]
 >   290 |       strncpy (tmp, dir, dir_len);
 >       |       ^~~~~~~~~~~~~~~~~~~~~~~~~~~
 > stow.c:275:13: note: length computed here
 >   275 |     dir_len = strlen(dir);
 >       |             ^~~~~~~~~~~

 > The last one is indeed a false positive, because we (with my previous
 > patch merged) now null-terminate the resulting string explicitly.

Same here.

-- 
FSF associate member #7257  http://am-1.org/~ivan/
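
The memcpy approach mentioned in the message above, shown as an added example; it is not code from stow.c or from anyone in this thread. The helper name join_path and the "dir/name" layout are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from stow.c): returns a newly allocated
   "dir/name", or NULL on allocation failure or size overflow.
   The caller frees the result.  */
char *
join_path (const char *dir, const char *name)
{
  size_t dir_len = strlen (dir);
  size_t name_len = strlen (name);

  /* dir_len + 1 ('/') + name_len + 1 (NUL) must not wrap around.  */
  if (dir_len > SIZE_MAX - 2 || name_len > SIZE_MAX - 2 - dir_len)
    return NULL;

  char *buf = malloc (dir_len + 1 + name_len + 1);
  if (buf == NULL)
    return NULL;

  /* The pattern GCC warns about is
       strncpy (buf, dir, dir_len);
     where the bound comes from strlen (dir), so no NUL is ever copied.
     With both lengths known, memcpy states the intent directly.  */
  char *p = buf;
  memcpy (p, dir, dir_len);
  p += dir_len;
  *p++ = '/';
  memcpy (p, name, name_len);
  p += name_len;
  *p = '\0';   /* explicit terminator, written exactly once */

  return buf;
}

int
main (void)
{
  char *s = join_path ("/usr/local", "stow");
  int ok = s != NULL && strcmp (s, "/usr/local/stow") == 0;
  free (s);
  return ok ? 0 : 1;
}
```

Because the destination is sized from the same lengths that bound the copies, nothing can be truncated and -Wstringop-truncation has nothing to flag.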