From: Alejandro Colomar <alx.manpages@gmail.com>
To: gcc@gcc.gnu.org
Cc: linux-man <linux-man@vger.kernel.org>,
GNU C Library <libc-alpha@sourceware.org>
Subject: Re: [-Wstringop-overflow=] strncat(3)
Date: Wed, 14 Dec 2022 23:51:11 +0100 [thread overview]
Message-ID: <75defb3e-bbe4-3b26-980c-22d32f177033@gmail.com> (raw)
In-Reply-To: <30a77019-ded0-fe3b-d0db-6c77842674db@gmail.com>
[-- Attachment #1.1: Type: text/plain, Size: 4583 bytes --]
On 12/14/22 23:45, Alejandro Colomar wrote:
> Hi,
>
> I was rewriting the strncat(3) manual page, and when I tried to compile the
> example program, I got a surprise from the compiler.
>
> Here goes the page:
>
>
> strncat(3) Library Functions Manual strncat(3)
>
> NAME
> strncat - concatenate a null‐padded character sequence into a
> string
>
> LIBRARY
> Standard C library (libc, -lc)
>
> SYNOPSIS
> #include <string.h>
>
> char *strncat(char *restrict dst, const char src[restrict .sz],
> size_t sz);
>
> DESCRIPTION
> This function catenates the input character sequence contained in
> a null‐padded fixed‐width buffer, into a string at the buffer
> pointed to by dst. The programmer is responsible for allocating a
> buffer large enough, that is, strlen(dst) + strnlen(src, sz) + 1.
>
> An implementation of this function might be:
>
> char *
> strncat(char *restrict dst, const char *restrict src, size_t sz)
> {
> int len;
> char *end;
>
> len = strnlen(src, sz);
> end = dst + strlen(dst);
> end = mempcpy(end, src, len);
> *end = '\0';
>
> return dst;
> }
>
> RETURN VALUE
> strncat() returns dest.
>
> ATTRIBUTES
> [...]
>
> STANDARDS
> POSIX.1‐2001, POSIX.1‐2008, C89, C99, SVr4, 4.3BSD.
>
> CAVEATS
> The name of this function is confusing. This function has no re‐
> lation with strncpy(3).
>
> If the destination buffer is not large enough, the behavior is un‐
> defined. See _FORTIFY_SOURCE in feature_test_macros(7).
>
> BUGS
> This function can be very inefficient. Read about Shlemiel
> the painter ⟨https://www.joelonsoftware.com/2001/12/11/
> back-to-basics/⟩.
>
> EXAMPLES
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
>
> int
> main(void)
> {
> char buf[BUFSIZ];
> size_t len;
>
> buf[0] = '\0'; // There’s no ’cpy’ function to this ’cat’.
> strncat(buf, "Hello ", 6);
> strncat(buf, "world", 42); // Padding null bytes ignored.
> strncat(buf, "!", 1);
> len = strlen(buf);
> printf("[len = %zu]: <%s>\n", len, buf);
>
> exit(EXIT_SUCCESS);
> }
>
> SEE ALSO
> string(3), string_copy(3)
>
> Linux man‐pages (unreleased) (date) strncat(3)
>
>
> And when you compile that, you get:
>
> $ cc -Wall -Wextra ./strncat.c
> ./strncat.c: In function ‘main’:
> ./strncat.c:12:12: warning: ‘strncat’ specified bound 6 equals source length
> [-Wstringop-overflow=]
> 12 | strncat(buf, "Hello ", 6);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~
> ./strncat.c:14:12: warning: ‘strncat’ specified bound 1 equals source length
> [-Wstringop-overflow=]
> 14 | strncat(buf, "!", 1);
> | ^~~~~~~~~~~~~~~~~~~~
>
>
> So, what? Where's the problem? This function does exactly that: "take an
> unterminated character sequence and catenate it to an existing string". Clang
> seems to be fine with the code.
Maybe it's saying that I should be using strncat(buf, "!"); because the length
is useless?
>
> Cheers,
>
> Alex
>
>
--
<http://www.alejandro-colomar.es/>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2022-12-14 22:51 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-14 22:45 Alejandro Colomar
2022-12-14 22:51 ` Alejandro Colomar [this message]
2022-12-14 22:51 ` Alejandro Colomar
2022-12-14 22:57 ` Andrew Pinski
2022-12-14 23:14 ` Alejandro Colomar
2022-12-15 20:50 ` Martin Sebor
2022-12-15 22:03 ` Alejandro Colomar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=75defb3e-bbe4-3b26-980c-22d32f177033@gmail.com \
--to=alx.manpages@gmail.com \
--cc=gcc@gcc.gnu.org \
--cc=libc-alpha@sourceware.org \
--cc=linux-man@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).