From: Alejandro Colomar <alx.manpages@gmail.com>
To: gcc@gcc.gnu.org
Cc: linux-man <linux-man@vger.kernel.org>,
GNU C Library <libc-alpha@sourceware.org>
Subject: Re: [-Wstringop-overflow=] strncat(3)
Date: Wed, 14 Dec 2022 23:51:52 +0100
Message-ID: <33e324b6-d17b-e831-7707-56889ce38788@gmail.com>
In-Reply-To: <75defb3e-bbe4-3b26-980c-22d32f177033@gmail.com>
On 12/14/22 23:51, Alejandro Colomar wrote:
>
>
> On 12/14/22 23:45, Alejandro Colomar wrote:
>> Hi,
>>
>> I was rewriting the strncat(3) manual page, and when I tried to compile the
>> example program, I got a surprise from the compiler.
>>
>> Here goes the page:
>>
>>
>> strncat(3) Library Functions Manual strncat(3)
>>
>> NAME
>> strncat - concatenate a null‐padded character sequence into a
>> string
>>
>> LIBRARY
>> Standard C library (libc, -lc)
>>
>> SYNOPSIS
>> #include <string.h>
>>
>> char *strncat(char *restrict dst, const char src[restrict .sz],
>> size_t sz);
>>
>> DESCRIPTION
>> This function catenates the input character sequence contained in
>> a null‐padded fixed‐width buffer, into a string at the buffer
>> pointed to by dst. The programmer is responsible for allocating a
>> buffer large enough, that is, strlen(dst) + strnlen(src, sz) + 1.
>>
>> An implementation of this function might be:
>>
>>     char *
>>     strncat(char *restrict dst, const char *restrict src, size_t sz)
>>     {
>>         int   len;
>>         char  *end;
>>
>>         len = strnlen(src, sz);
>>         end = dst + strlen(dst);
>>         end = mempcpy(end, src, len);
>>         *end = '\0';
>>
>>         return dst;
>>     }
>>
>> RETURN VALUE
>> strncat() returns dest.
>>
>> ATTRIBUTES
>> [...]
>>
>> STANDARDS
>> POSIX.1‐2001, POSIX.1‐2008, C89, C99, SVr4, 4.3BSD.
>>
>> CAVEATS
>> The name of this function is confusing. This function has no re‐
>> lation with strncpy(3).
>>
>> If the destination buffer is not large enough, the behavior is un‐
>> defined. See _FORTIFY_SOURCE in feature_test_macros(7).
>>
>> BUGS
>> This function can be very inefficient. Read about Shlemiel
>> the painter ⟨https://www.joelonsoftware.com/2001/12/11/
>> back-to-basics/⟩.
>>
>> EXAMPLES
>>     #include <stdio.h>
>>     #include <stdlib.h>
>>     #include <string.h>
>>
>>     int
>>     main(void)
>>     {
>>         char    buf[BUFSIZ];
>>         size_t  len;
>>
>>         buf[0] = '\0';  // There’s no ’cpy’ function to this ’cat’.
>>         strncat(buf, "Hello ", 6);
>>         strncat(buf, "world", 42);  // Padding null bytes ignored.
>>         strncat(buf, "!", 1);
>>         len = strlen(buf);
>>         printf("[len = %zu]: <%s>\n", len, buf);
>>
>>         exit(EXIT_SUCCESS);
>>     }
>>
>> SEE ALSO
>> string(3), string_copy(3)
>>
>> Linux man‐pages (unreleased) (date) strncat(3)
>>
>>
>> And when you compile that, you get:
>>
>> $ cc -Wall -Wextra ./strncat.c
>> ./strncat.c: In function ‘main’:
>> ./strncat.c:12:12: warning: ‘strncat’ specified bound 6 equals source length
>> [-Wstringop-overflow=]
>> 12 | strncat(buf, "Hello ", 6);
>> | ^~~~~~~~~~~~~~~~~~~~~~~~~
>> ./strncat.c:14:12: warning: ‘strncat’ specified bound 1 equals source length
>> [-Wstringop-overflow=]
>> 14 | strncat(buf, "!", 1);
>> | ^~~~~~~~~~~~~~~~~~~~
>>
>>
>> So, what? Where's the problem? This function does exactly that: "take an
>> unterminated character sequence and catenate it to an existing string". Clang
>> seems to be fine with the code.
>
> Maybe it's saying that I should be using strncat(buf, "!"); because the length
oops; of course, I meant strcat().
> is useless?
>
>>
>> Cheers,
>>
>> Alex
>>
>>
>
--
<http://www.alejandro-colomar.es/>
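
The size rule in the quoted DESCRIPTION, strlen(dst) + strnlen(src, sz) + 1, can be checked before the call. The following is an added example, not part of the original message or of the manual page; field_len() and field_cat() are hypothetical helper names, and the sample fields are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: length of a null-padded fixed-width field,
 * i.e. the value strnlen(src, sz) would return. */
static size_t
field_len(const char *src, size_t sz)
{
    const char *nul = memchr(src, '\0', sz);

    return nul ? (size_t)(nul - src) : sz;
}

/* Hypothetical helper: append the field to the string in dst only if
 * strlen(dst) + strnlen(src, sz) + 1 <= dstsize.
 * Returns 0 on success, -1 if dst is unterminated or too small. */
int
field_cat(char *dst, size_t dstsize, const char *src, size_t sz)
{
    const char *nul = memchr(dst, '\0', dstsize);
    size_t dlen;

    if (nul == NULL)
        return -1;              /* dst does not hold a string */
    dlen = (size_t)(nul - dst);
    /* Same test as the size rule, written so it cannot wrap around. */
    if (field_len(src, sz) >= dstsize - dlen)
        return -1;
    strncat(dst, src, sz);      /* reads at most sz bytes of src */
    return 0;
}

int
main(void)
{
    /* Constructed fields: the first is null-padded, the others fill
     * their width and carry no terminating null byte. */
    const char user[8] = {'a', 'l', 'x'};
    const char at[1] = {'@'};
    const char host[8] = {'d', 'e', 'b', 'i', 'a', 'n', '1', '2'};
    char buf[16] = "";

    printf("%d\n", field_cat(buf, sizeof(buf), user, sizeof(user)));
    printf("%d\n", field_cat(buf, sizeof(buf), at, sizeof(at)));
    printf("%d <%s>\n", field_cat(buf, sizeof(buf), host, sizeof(host)), buf);
    printf("%d <%s>\n", field_cat(buf, sizeof(buf), host, sizeof(host)), buf);
    return 0;
}
```

The last call is refused because 12 + 8 + 1 bytes would be needed in a 16-byte buffer, and buf is left unchanged.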