[Bug c/81117] Improve buffer overflow checking in strncpy
bugzilla@poradnik-webmastera.com
gcc-bugzilla@gcc.gnu.org
Mon Nov 13 18:14:00 GMT 2017
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81117
--- Comment #17 from Daniel Fruzynski <bugzilla@poradnik-webmastera.com> ---
(In reply to Martin Sebor from comment #14)
> (In reply to Dmitry G. Dyachenko from comment #12)
>
> I'm afraid the warning in the constant string case is unavoidable. The call
> is folded at a point where the checker doesn't have access to the subsequent
> statement. At the same time, it can be viewed as a feature since the code
> would be more clearly written simply as strcpy(p, "1").
This can be resolved in this way. However strcpy is not recommended because it
does not check buffer size and can cause buffer overflow (however in this
particular case it would be safe to use). It would be good to use strlcpy here,
however it is not supported by gcc/glibc now. Maybe these new warnings will
help with adding them to gcc/glibc, I saw that many people in the past
requested this but without luck.
More information about the Gcc-bugs
mailing list