I see following isolated from bctoolbox package: $ cat log.c #include <stdlib.h> #include <string.h> char *bctbx_strcat_vprintf(char *dst, char *ret) { size_t dstlen, retlen; if (!dst) return ret; dstlen = strlen(dst); retlen = strlen(ret); if ((dst = __builtin_realloc(dst, dstlen + retlen + 1)) != 0) { strncat(dst, ret, retlen); dst[dstlen + retlen] = '\0'; return dst; } else { return 0; } } char *a; char *b; int main(int argc, char **argv) { a = malloc(10); b = malloc(10); if (argc) { strcpy(a, "one"); strcpy(b, "two"); } __builtin_printf(bctbx_strcat_vprintf(a, b)); return 0; } $ gcc log.c -c -O2 -Wstringop-truncation log.c: In function ‘bctbx_strcat_vprintf.part.0’: log.c:14:5: warning: ‘strncat’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation] 14 | strncat(dst, ret, retlen); | ^~~~~~~~~~~~~~~~~~~~~~~~~ log.c:11:12: note: length computed here 11 | retlen = strlen(ret); | ^~~~~~~~~~~
The test case boils down to this: void f (char *p, char *q) { unsigned m = __builtin_strlen (p); unsigned n = __builtin_strlen (q); __builtin_strncat (p, q, n); p[m + n] = '\0'; } The warning in these cases is by design: it points out that the bound in the strncat call depends on the length of the source string (which is usually a bug). The use case the warning is designed not to trigger for is the one described in the CERT strncpy and strncat article: https://www.us-cert.gov/bsi/articles/knowledge/coding-practices/strncpy-and-strncat, i.e., strncat (dest, source, dest_size - strlen (dest) - 1); In general, the warning assumes that strncpy and strncat are used in meaningful (though perhaps incorrect) ways. In the test case in comment #0, the use of strncat is correct but pointless. It's clear that the size of the buffer is sufficient for the concatenation of the two strings, so there is no point in using strncat to constrain the copy. The code would be more clearly and also more efficiently written like so: if ((dst = __builtin_realloc(dst, dstlen + retlen + 1)) != 0) { strcpy(dst + dstlen, ret); That said, a patch I'm testing for pr88780 relaxes the warning to avoid triggering for code like this.
I'm no longer working on this.