From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=vVU8=4M=gmail.com=pinskia@sourceware.org>
Received: from mail-pj1-x1031.google.com (mail-pj1-x1031.google.com [IPv6:2607:f8b0:4864:20::1031])
	by sourceware.org (Postfix) with ESMTPS id 441523861027
	for <libc-alpha@sourceware.org>; Wed, 14 Dec 2022 22:58:02 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 441523861027
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com
Received: by mail-pj1-x1031.google.com with SMTP id z8-20020a17090abd8800b00219ed30ce47so845387pjr.3
        for <libc-alpha@sourceware.org>; Wed, 14 Dec 2022 14:58:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=f7DvDYoGQRN980ip93ym3JRuFSEtpNka9UUMIQtHHWw=;
        b=Ds18Aql5v0G7pFyfJJubFXTUSGzAeOXDwS2d3vzEgV2uCtCqypLIbul4Es+FQ+k/FB
         G99gs4GC8asatmkdGpFKa+RKitymKtObUN5O/zQfPH8V0xOdeSBD+ZUAAYOPt7gcaRd0
         ks1gBxnZLbLNnmRzywZv7k4ZXrfP4Mwg29w9+rRUnO5MhSnPMTfRWvJhLn6OgXN80/MO
         sHPJIofmrk1zlj3zzz5LrqC8keYv4qq1ga2jYAM5suSaZ/c1VbuUROGjWuNv6E6WqH3m
         aTfI0VvtIL0GQ/Bw+1F5LY/yE+5XZ4aU02lsNlg3X6MWP1TX4niE5K2jTsPxILvWiPTm
         LUjw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=f7DvDYoGQRN980ip93ym3JRuFSEtpNka9UUMIQtHHWw=;
        b=ZSea1lHgxvxPwVuy4HwcR+HWg1pfBQPbDrLXA84DEgJV4KAKMxTcFB3LnUAUNdpJO8
         gtJ8+5xiRc0W2N3AltIJmyxVL98A73Cae8GLkaB0GENZdWXv7Bv9kx8Q/sAvs+MuW6CN
         aDnIlGAd7VEeOEtTAysUXR2cTUI25MWnsjTBU7bQkRQt592JcRNgV4F/ZNX+TQ8OyWOn
         0WszYNfslwnWzGBZqQc7NPm8fIqXBGXBQQDSYK5/pdUH+b4OH3G4rOgioSGsJpvEkfEs
         csydKXkDATgoXOkVxk4vo4U+U3++w9rZJzxGyhSwqw3d8ZVxLJBZRvPR7C2Ex9xUMJnM
         hFBg==
X-Gm-Message-State: AFqh2kp3fdjEh5ouH8x4bMU/VPzjOMYgzBuvaPXp+WLU4E9vx84uC72N
	IxfLLJVzgyLrNzcokxuCY9UK3ma4ddwVPgm8jGJDfXdaqc43zg==
X-Google-Smtp-Source: AMrXdXtJaVMxuz3VDe82EqrAuC770cEkcC6qQ1RuKYI0/VjqIhS/wlIS7NEbxko+3HkTRgt84M10CmV07pBoYVHMPEo=
X-Received: by 2002:a17:90a:a6f:b0:223:4d09:2523 with SMTP id
 o102-20020a17090a0a6f00b002234d092523mr11405pjo.161.1671058681320; Wed, 14
 Dec 2022 14:58:01 -0800 (PST)
MIME-Version: 1.0
References: <30a77019-ded0-fe3b-d0db-6c77842674db@gmail.com>
In-Reply-To: <30a77019-ded0-fe3b-d0db-6c77842674db@gmail.com>
From: Andrew Pinski <pinskia@gmail.com>
Date: Wed, 14 Dec 2022 14:57:48 -0800
Message-ID: <CA+=Sn1nkz5FKFFx3e+A42nhpAF-TLW0Gmdgn4a5NL0KkCpuWNg@mail.gmail.com>
Subject: Re: [-Wstringop-overflow=] strncat(3)
To: Alejandro Colomar <alx.manpages@gmail.com>
Cc: gcc@gcc.gnu.org, linux-man <linux-man@vger.kernel.org>, 
	GNU C Library <libc-alpha@sourceware.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,KAM_SHORT,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <libc-alpha.sourceware.org>

On Wed, Dec 14, 2022 at 2:46 PM Alejandro Colomar via Libc-alpha
<libc-alpha@sourceware.org> wrote:
>
> Hi,
>
> I was rewriting the strncat(3) manual page, and when I tried to compile t=
he
> example program, I got a surprise from the compiler.
>
> Here goes the page:
>
>
>    strncat(3)               Library Functions Manual              strncat=
(3)
>
>    NAME
>           strncat  -  concatenate  a  null=E2=80=90padded  character sequ=
ence into a
>           string
>
>    LIBRARY
>           Standard C library (libc, -lc)
>
>    SYNOPSIS
>           #include <string.h>
>
>           char *strncat(char *restrict dst, const char src[restrict .sz],
>                          size_t sz);
>
>    DESCRIPTION
>           This function catenates the input character sequence contained =
 in
>           a  null=E2=80=90padded  fixed=E2=80=90width  buffer,  into  a s=
tring at the buffer
>           pointed to by dst.  The programmer is responsible for allocatin=
g a
>           buffer large enough, that is, strlen(dst) + strnlen(src, sz) + =
1.
>
>           An implementation of this function might be:
>
>               char *
>               strncat(char *restrict dst, const char *restrict src, size_=
t sz)
>               {
>                   int   len;
>                   char  *end;
>
>                   len =3D strnlen(src, sz);
>                   end =3D dst + strlen(dst);
>                   end =3D mempcpy(end, src, len);
>                   *end =3D '\0';
>
>                   return dst;
>               }
>
>    RETURN VALUE
>           strncat() returns dest.
>
>    ATTRIBUTES
>           [...]
>
>    STANDARDS
>           POSIX.1=E2=80=902001, POSIX.1=E2=80=902008, C89, C99, SVr4, 4.3=
BSD.
>
>    CAVEATS
>           The  name of this function is confusing.  This function has no =
re=E2=80=90
>           lation with strncpy(3).
>
>           If the destination buffer is not large enough, the behavior is =
un=E2=80=90
>           defined.  See _FORTIFY_SOURCE in feature_test_macros(7).
>
>    BUGS
>           This function  can  be  very  inefficient.   Read  about  Shlem=
iel
>           the       painter      =E2=9F=A8https://www.joelonsoftware.com/=
2001/12/11/
>           back-to-basics/=E2=9F=A9.
>
>    EXAMPLES
>           #include <stdio.h>
>           #include <stdlib.h>
>           #include <string.h>
>
>           int
>           main(void)
>           {
>               char    buf[BUFSIZ];
>               size_t  len;
>
>               buf[0] =3D '\0';  // There=E2=80=99s no =E2=80=99cpy=E2=80=
=99 function to this =E2=80=99cat=E2=80=99.
>               strncat(buf, "Hello ", 6);
>               strncat(buf, "world", 42);  // Padding null bytes ignored.
>               strncat(buf, "!", 1);
>               len =3D strlen(buf);
>               printf("[len =3D %zu]: <%s>\n", len, buf);
>
>               exit(EXIT_SUCCESS);
>           }
>
>    SEE ALSO
>           string(3), string_copy(3)
>
>    Linux man=E2=80=90pages (unreleased)      (date)                      =
 strncat(3)
>
>
> And when you compile that, you get:
>
> $ cc -Wall -Wextra ./strncat.c
> ./strncat.c: In function =E2=80=98main=E2=80=99:
> ./strncat.c:12:12: warning: =E2=80=98strncat=E2=80=99 specified bound 6 e=
quals source length
> [-Wstringop-overflow=3D]
>     12 |            strncat(buf, "Hello ", 6);
>        |            ^~~~~~~~~~~~~~~~~~~~~~~~~
> ./strncat.c:14:12: warning: =E2=80=98strncat=E2=80=99 specified bound 1 e=
quals source length
> [-Wstringop-overflow=3D]
>     14 |            strncat(buf, "!", 1);
>        |            ^~~~~~~~~~~~~~~~~~~~
>
>
> So, what?  Where's the problem?  This function does exactly that: "take a=
n
> unterminated character sequence and catenate it to an existing string".  =
Clang
> seems to be fine with the code.

See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D83404 and the
background of why the warning was added here:

https://www.us-cert.gov/bsi/articles/knowledge/coding-practices/strncpy-and=
-strncat.

Thanks,
Andrew Pinski

>
> Cheers,
>
> Alex
>
>
> --
> <http://www.alejandro-colomar.es/>