I am working with “gcc (GCC) 11.4.1 20231218 (Red Hat 11.4.1-3)” so my 
apologies if something has already been done about this. 
I am also not a “list subscriber” so I will not see all the discussion this 
post may cause, but seeing a couple of direct replies will be appreciated. 

I am working on removing warnings from code and do not like using “nonstring” 
where it is not strictly true. 
It is my understanding that the following code sequence will not produce the 
warning: 

static const size_t BUFF_LEN = 256; 
char cmdBuff[BUFF_LEN]; 
strncpy(cmdBuff, pCmdStr, BUFF_LEN); 
cmdBuff[BUFF_LEN-1] = '\0'; 

However, that fourth statement hides the truncation from detection and can be 
considered a “bad practice” in many situations. 
Most of the code that I am looking at replaces that fourth statement with: 

if ('\0' != cmdBuff[BUFF_LEN-1]) { ... } 

Thus, the truncation is detected and handled in some manner. 

I can see how blindly accepting the “truncation detection” solution can 
lead to “false negatives”. Most of the code that I am looking at has a lot of 
logic after the truncation handling block that would take a major amount of 
“static analysis effort” to prove correct. So, I do not propose that either. 
It is also possible that the detection could be done using strcmp(), but that 
would lead to unnecessary runtime effort. 

The solution that I see is to add the “string termination” statement as the 
first thing done within the “truncation recovery” block. The code that I am 
looking at is seemingly coded to prevent use, but who knows what may be done to 
it in the future. 

I admit that I do not understand the complexities of static analysis very well. 
However, I suspect that it would not take much to change from simply “is 
immediately terminated” to adding “or truncation detected and repaired”. 
I know I am simplifying things a bit here. I can think of at least four valid 
ways that conditional might be correctly coded, but those should all be easily 
matched. 

What I am wondering is: 
* Does what I am proposing make sense and satisfy all the original issues that 
the warning exists to satisfy? 
* Am I correct that my solution would not take too much to implement in the 
compiler? 

Francis Belliveau 
Consultant 
Lincoln Laboratory, Massachusetts Institute of Technology 
244 Wood Street 
Lexington, MA 02421-6426 
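The “detect, then terminate inside the recovery block” pattern described in the post, written up as an added example (not code from the post or from GCC); the function name copy_cmd and the truncation-status return value are assumptions, and nothing here claims that GCC's analysis currently recognises the pattern.

```c
/* Added example: strncpy with truncation detection, where the terminating
 * NUL is written as the first action of the recovery block rather than
 * unconditionally after the copy.  The caller learns whether the command
 * was clipped instead of having the truncation silently hidden. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define BUFF_LEN 256  /* same buffer size as in the post */

/* Copies src into dst[dst_len].  Returns true when the copy was truncated.
 * strncpy zero-pads when src is shorter than dst_len, so dst[dst_len-1] is
 * non-zero exactly when strlen(src) >= dst_len (the NUL did not fit).
 * There is no need to keep a separate length or call strcmp(). */
bool copy_cmd(char *dst, size_t dst_len, const char *src)
{
    if (dst_len == 0)
        return true;            /* nothing fits: report as truncation */

    strncpy(dst, src, dst_len);

    if (dst[dst_len - 1] != '\0') {
        /* Truncation recovery block: terminate first, so dst is a valid
         * string for any later logic, then handle the event (log, reject,
         * fall back to a default, and so on). */
        dst[dst_len - 1] = '\0';
        return true;
    }
    return false;
}

/* Helper for readers and tests: copies a constructed command into a
 * BUFF_LEN buffer and reports the stored length and truncation status. */
size_t copy_and_measure(const char *src, bool *truncated)
{
    char cmd_buff[BUFF_LEN];
    *truncated = copy_cmd(cmd_buff, sizeof cmd_buff, src);
    return strlen(cmd_buff);
}
```

A source string of exactly dst_len - 1 characters fits with its NUL and is not reported; one of dst_len characters or more is, because only the terminator or later bytes were dropped.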