I am working with “gcc (GCC) 11.4.1 20231218 (Red Hat 11.4.1-3)” so my apologies if something has already been done about this. I am also not a “list subscriber” so I will not see all the discussion this post may cause, but seeing a couple of direct replies will be appreciated.
I am working on removing warnings from code and do not like using “nonstring”
where it is not strictly true.
It is my understanding that the following code sequence will not produce the
warning:
static const size_t BUFF_LEN = 256;
char cmdBuff[BUFF_LEN];
strncpy(cmdBuff, pCmdStr, BUFF_LEN);
cmdBuff[BUFF_LEN-1] = ‘\0’;
However, that fourth statement hides the truncation from detection and can be
considered a “bad practice” In many situations.
Most of the code that I am looking at replaces that fourth statement with:
If (‘\0’ != cmdBuff[BUFF_LEN-1]){. . .}
Thus, the truncation is detected and handled in some manner.
I can see how blindly accepting that the “truncation detection” solution can
lead to “false negatives”. Most of the code that I am looking at has a lot of
logic after the truncation handling block that would take a major amount of
“static analysis effort” to prove correct. So, I do not propose that either.
It is also possible that the detection could be done using strcmp(), but that
would lead to unnecessary runtime effort.
The solution that I see is to add the “string termination” statement as the
first thing done within the “truncation recovery” block. The code that I am
looking at is seemingly coded to prevent use, but who knows what may be done to
it in the future.
I admit that I do not understand the complexities of static analysis very well.
However, I suspect that it would not take much to change from simply “is
immediately terminated” to adding “or truncation detected and repaired”.
I know I am simplifying things a bit here. I can think of at least four valid
ways that conditional might be correctly coded, but those should all be easily
matched.
What I am wondering is:
* Does what I am proposing make sense and satisfy all the original issues that
the warning exists to satisfy?
* Am I correct that my solution would not take too much to implement in the
compiler?
Francis Belliveau
Consultant
Lincoln Laboratory, Massachusetts Institute of Technology
244 Wood Street
Lexington, MA 02421-6426
smime.p7s
Description: S/MIME cryptographic signature
