The call to strlen() in the test case below is most likely unsafe because the subsequent call to strnlen() suggests that the array need not be nul-terminated. If it is nul-terminated, then the call to strnlen() can be replaced by strlen(). Either way, the code looks suspicious and diagnosing it would be helpful.

$ cat c.c && gcc -O2 -S -Wall -Wextra c.c
char a[4];
unsigned n0, n1;

void f (void)
{
  n0 = __builtin_strlen (a);              // possibly unsafe?
  // ...
  n1 = __builtin_strnlen (a, sizeof a);   // could be replaced by strlen()?
}
Ditto for strdup vs strndup, although there it might be worth considering diagnosing only calls where the strndup bound is equal to the size of the source array, as in:

char a[4], *p, *q;

void f (void)
{
  p = __builtin_strdup (a);               // possibly unsafe? if not then...
  // ...
  q = __builtin_strndup (a, sizeof a);    // this could be replaced by strdup()
}
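The two patterns discussed above, as an added example that is not part of the bug report: a bounded length query that uses strnlen() with the array size as the bound and reports whether the array was actually nul-terminated, and a strndup()-style copy that is always terminated so a later strlen() on the copy is safe. The names bounded_len, copy_bounded and demo_unterminated are assumed here.

```c
#define _POSIX_C_SOURCE 200809L   /* for strnlen() */
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not from the bug report: strlen() on an unterminated
   array reads past its end, whereas strnlen() bounded by the array size
   stops at the last element and lets the caller detect the case. */

/* Length of the string in buf[0..size), or (size_t)-1 when no nul
   terminator exists within size bytes. */
size_t bounded_len(const char *buf, size_t size)
{
    size_t n = strnlen(buf, size);   /* never reads beyond size bytes */
    return n < size ? n : (size_t)-1;
}

/* Copies at most size bytes of buf into a freshly allocated string that
   is always nul-terminated (like strndup(buf, size)).  Caller frees it. */
char *copy_bounded(const char *buf, size_t size)
{
    size_t n = strnlen(buf, size);
    char *p = malloc(n + 1);
    if (!p)
        return NULL;
    memcpy(p, buf, n);
    p[n] = '\0';
    return p;
}

/* Constructed 4-byte arrays: one terminated, one not.  Returns 1 if both
   cases are handled as expected. */
int demo_unterminated(void)
{
    char term[4] = "abc";                    /* 'a','b','c','\0' */
    char unterm[4] = { 'a', 'b', 'c', 'd' }; /* no nul within sizeof */

    if (bounded_len(term, sizeof term) != 3)
        return 0;
    if (bounded_len(unterm, sizeof unterm) != (size_t)-1)
        return 0;

    char *q = copy_bounded(unterm, sizeof unterm);
    bool ok = q && strlen(q) == 4;   /* strlen() is safe on the copy */
    free(q);
    return ok ? 1 : 0;
}
```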
I'm not working on this anymore.