[-Wstringop-overflow=] strncat(3)

public inbox for gcc@gcc.gnu.org
 help / color / mirror / Atom feed

From: Alejandro Colomar <alx.manpages@gmail.com>
To: gcc@gcc.gnu.org
Cc: linux-man <linux-man@vger.kernel.org>,
	GNU C Library <libc-alpha@sourceware.org>
Subject: [-Wstringop-overflow=] strncat(3)
Date: Wed, 14 Dec 2022 23:45:04 +0100	[thread overview]
Message-ID: <30a77019-ded0-fe3b-d0db-6c77842674db@gmail.com> (raw)


[-- Attachment #1.1: Type: text/plain, Size: 3516 bytes --]

Hi,

I was rewriting the strncat(3) manual page, and when I tried to compile the 
example program, I got a surprise from the compiler.

Here goes the page:


   strncat(3)               Library Functions Manual              strncat(3)

   NAME
          strncat  -  concatenate  a  null‐padded  character sequence into a
          string

   LIBRARY
          Standard C library (libc, -lc)

   SYNOPSIS
          #include <string.h>

          char *strncat(char *restrict dst, const char src[restrict .sz],
                         size_t sz);

   DESCRIPTION
          This function catenates the input character sequence contained  in
          a  null‐padded  fixed‐width  buffer,  into  a string at the buffer
          pointed to by dst.  The programmer is responsible for allocating a
          buffer large enough, that is, strlen(dst) + strnlen(src, sz) + 1.

          An implementation of this function might be:

              char *
              strncat(char *restrict dst, const char *restrict src, size_t sz)
              {
                  int   len;
                  char  *end;

                  len = strnlen(src, sz);
                  end = dst + strlen(dst);
                  end = mempcpy(end, src, len);
                  *end = '\0';

                  return dst;
              }

   RETURN VALUE
          strncat() returns dest.

   ATTRIBUTES
          [...]

   STANDARDS
          POSIX.1‐2001, POSIX.1‐2008, C89, C99, SVr4, 4.3BSD.

   CAVEATS
          The  name of this function is confusing.  This function has no re‐
          lation with strncpy(3).

          If the destination buffer is not large enough, the behavior is un‐
          defined.  See _FORTIFY_SOURCE in feature_test_macros(7).

   BUGS
          This function  can  be  very  inefficient.   Read  about  Shlemiel
          the       painter      ⟨https://www.joelonsoftware.com/2001/12/11/
          back-to-basics/⟩.

   EXAMPLES
          #include <stdio.h>
          #include <stdlib.h>
          #include <string.h>

          int
          main(void)
          {
              char    buf[BUFSIZ];
              size_t  len;

              buf[0] = '\0';  // There’s no ’cpy’ function to this ’cat’.
              strncat(buf, "Hello ", 6);
              strncat(buf, "world", 42);  // Padding null bytes ignored.
              strncat(buf, "!", 1);
              len = strlen(buf);
              printf("[len = %zu]: <%s>\n", len, buf);

              exit(EXIT_SUCCESS);
          }

   SEE ALSO
          string(3), string_copy(3)

   Linux man‐pages (unreleased)      (date)                       strncat(3)


And when you compile that, you get:

$ cc -Wall -Wextra ./strncat.c
./strncat.c: In function ‘main’:
./strncat.c:12:12: warning: ‘strncat’ specified bound 6 equals source length 
[-Wstringop-overflow=]
    12 |            strncat(buf, "Hello ", 6);
       |            ^~~~~~~~~~~~~~~~~~~~~~~~~
./strncat.c:14:12: warning: ‘strncat’ specified bound 1 equals source length 
[-Wstringop-overflow=]
    14 |            strncat(buf, "!", 1);
       |            ^~~~~~~~~~~~~~~~~~~~


So, what?  Where's the problem?  This function does exactly that: "take an 
unterminated character sequence and catenate it to an existing string".  Clang 
seems to be fine with the code.

Cheers,

Alex


-- 
<http://www.alejandro-colomar.es/>

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

next             reply	other threads:[~2022-12-14 22:45 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-12-14 22:45 Alejandro Colomar [this message]
2022-12-14 22:51 ` Alejandro Colomar
2022-12-14 22:51   ` Alejandro Colomar
2022-12-14 22:57 ` Andrew Pinski
2022-12-14 23:14   ` Alejandro Colomar
2022-12-15 20:50     ` Martin Sebor
2022-12-15 22:03       ` Alejandro Colomar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=30a77019-ded0-fe3b-d0db-6c77842674db@gmail.com \
    --to=alx.manpages@gmail.com \
    --cc=gcc@gcc.gnu.org \
    --cc=libc-alpha@sourceware.org \
    --cc=linux-man@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).