I am working with “gcc (GCC) 11.4.1 20231218 (Red Hat 11.4.1-3)” so my apologies if something has already been done about this. I am also not a “list subscriber” so I will not see all the discussion this post may cause, but seeing a couple of direct replies will be appreciated.
I am working on removing warnings from code and do not like using “nonstring” where it is not strictly true. It is my understanding that the following code sequence will not produce the warning:

    static const size_t BUFF_LEN = 256;
    char cmdBuff[BUFF_LEN];
    strncpy(cmdBuff, pCmdStr, BUFF_LEN);
    cmdBuff[BUFF_LEN-1] = '\0';

However, that fourth statement hides the truncation from detection and can be considered a “bad practice” in many situations. Most of the code that I am looking at replaces that fourth statement with:

    if ('\0' != cmdBuff[BUFF_LEN-1]) { ... }

Thus, the truncation is detected and handled in some manner. I can see how blindly accepting the “truncation detection” solution can lead to “false negatives”. Most of the code that I am looking at has a lot of logic after the truncation handling block that would take a major amount of “static analysis effort” to prove correct. So, I do not propose that either. It is also possible that the detection could be done using strcmp(), but that would lead to unnecessary runtime effort.

The solution that I see is to add the “string termination” statement as the first thing done within the “truncation recovery” block. The code that I am looking at is seemingly coded to prevent use, but who knows what may be done to it in the future.

I admit that I do not understand the complexities of static analysis very well. However, I suspect that it would not take much to change from simply “is immediately terminated” to adding “or truncation detected and repaired”. I know I am simplifying things a bit here. I can think of at least four valid ways that conditional might be correctly coded, but those should all be easily matched.

What I am wondering is:

* Does what I am proposing make sense and satisfy all the original issues that the warning exists to satisfy?
* Am I correct that my solution would not take too much to implement in the compiler?
Francis Belliveau Consultant Lincoln Laboratory, Massachusetts Institute of Technology 244 Wood Street Lexington, MA 02421-6426
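The strncpy-then-check pattern the post proposes, as an added C example (not the poster's code): the buffer size is made a parameter so the behaviour can be tried on small buffers, and the recovery block terminates the string before anything else runs. It also covers the edge case where the source is exactly one byte too long, so only the terminator is lost; the `copy_cmd_silent` variant is the unconditional "fourth statement" from the post, shown for contrast.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The pattern discussed in the post: strncpy() fills the whole destination,
 * so the last byte is non-zero exactly when strlen(src) >= dstlen.  The
 * recovery block terminates the buffer *first*, then reports, so a caller
 * can never observe an unterminated string.  dstlen must be >= 1. */
bool copy_cmd(char *dst, size_t dstlen, const char *src)
{
    strncpy(dst, src, dstlen);
    if ('\0' != dst[dstlen - 1]) {      /* truncation detected */
        dst[dstlen - 1] = '\0';         /* repair before anything else runs */
        return true;
    }
    return false;
}

/* The unconditional "fourth statement" variant from the post, for contrast:
 * always terminated, but the caller cannot learn that anything was cut off. */
void copy_cmd_silent(char *dst, size_t dstlen, const char *src)
{
    strncpy(dst, src, dstlen);
    dst[dstlen - 1] = '\0';
}

int main(void)
{
    /* Constructed inputs against an 8-byte buffer: 7 chars fit exactly,
     * 8 chars lose only the terminator, 12 chars lose real data. */
    const char *inputs[] = { "abc", "1234567", "12345678", "123456789abc" };
    char buf[8];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        bool trunc = copy_cmd(buf, sizeof buf, inputs[i]);
        printf("%-14s -> \"%s\"%s\n", inputs[i], buf,
               trunc ? "  (truncated)" : "");
    }
    return 0;
}
```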