[Bug c/93636] Incorrect diagnostic of a potential string overflow in strncat
msebor at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Sun Feb 9 22:58:00 GMT 2020
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93636
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |diagnostic
Status|UNCONFIRMED |RESOLVED
CC| |msebor at gcc dot gnu.org
Resolution|--- |INVALID
--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
The warning is intentional. The expected use of the strncat function is to
limit the output to the space in the destination, not to the length source
(using strncat the way the test case in comment #0 does is the same as strcat).
The latter use is a common source of buffer overflow bugs that the warning is
designed to help avoid.
The articles below provide additional background:
https://developers.redhat.com/blog/2018/05/24/detecting-string-truncation-with-gcc-8/
https://www.us-cert.gov/bsi/articles/knowledge/coding-practices/strncpy-and-strncat.
More information about the Gcc-bugs
mailing list