From: Alejandro Colomar <alx.manpages@gmail.com>
To: gcc@gcc.gnu.org
Cc: linux-man <linux-man@vger.kernel.org>,
GNU C Library <libc-alpha@sourceware.org>
Subject: Re: [-Wstringop-overflow=] strncat(3)
Date: Wed, 14 Dec 2022 23:51:11 +0100 [thread overview]
Message-ID: <75defb3e-bbe4-3b26-980c-22d32f177033@gmail.com> (raw)
In-Reply-To: <30a77019-ded0-fe3b-d0db-6c77842674db@gmail.com>
[-- Attachment #1.1: Type: text/plain, Size: 4583 bytes --]
On 12/14/22 23:45, Alejandro Colomar wrote:
> Hi,
>
> I was rewriting the strncat(3) manual page, and when I tried to compile the
> example program, I got a surprise from the compiler.
>
> Here goes the page:
>
>
> strncat(3) Library Functions Manual strncat(3)
>
> NAME
> strncat - concatenate a null‐padded character sequence into a
> string
>
> LIBRARY
> Standard C library (libc, -lc)
>
> SYNOPSIS
> #include <string.h>
>
> char *strncat(char *restrict dst, const char src[restrict .sz],
> size_t sz);
>
> DESCRIPTION
> This function catenates the input character sequence contained in
> a null‐padded fixed‐width buffer, into a string at the buffer
> pointed to by dst. The programmer is responsible for allocating a
> buffer large enough, that is, strlen(dst) + strnlen(src, sz) + 1.
>
> An implementation of this function might be:
>
> char *
> strncat(char *restrict dst, const char *restrict src, size_t sz)
> {
> int len;
> char *end;
>
> len = strnlen(src, sz);
> end = dst + strlen(dst);
> end = mempcpy(end, src, len);
> *end = '\0';
>
> return dst;
> }
>
> RETURN VALUE
> strncat() returns dest.
>
> ATTRIBUTES
> [...]
>
> STANDARDS
> POSIX.1‐2001, POSIX.1‐2008, C89, C99, SVr4, 4.3BSD.
>
> CAVEATS
> The name of this function is confusing. This function has no re‐
> lation with strncpy(3).
>
> If the destination buffer is not large enough, the behavior is un‐
> defined. See _FORTIFY_SOURCE in feature_test_macros(7).
>
> BUGS
> This function can be very inefficient. Read about Shlemiel
> the painter ⟨https://www.joelonsoftware.com/2001/12/11/
> back-to-basics/⟩.
>
> EXAMPLES
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
>
> int
> main(void)
> {
> char buf[BUFSIZ];
> size_t len;
>
> buf[0] = '\0'; // There’s no ’cpy’ function to this ’cat’.
> strncat(buf, "Hello ", 6);
> strncat(buf, "world", 42); // Padding null bytes ignored.
> strncat(buf, "!", 1);
> len = strlen(buf);
> printf("[len = %zu]: <%s>\n", len, buf);
>
> exit(EXIT_SUCCESS);
> }
>
> SEE ALSO
> string(3), string_copy(3)
>
> Linux man‐pages (unreleased) (date) strncat(3)
>
>
> And when you compile that, you get:
>
> $ cc -Wall -Wextra ./strncat.c
> ./strncat.c: In function ‘main’:
> ./strncat.c:12:12: warning: ‘strncat’ specified bound 6 equals source length
> [-Wstringop-overflow=]
> 12 | strncat(buf, "Hello ", 6);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~
> ./strncat.c:14:12: warning: ‘strncat’ specified bound 1 equals source length
> [-Wstringop-overflow=]
> 14 | strncat(buf, "!", 1);
> | ^~~~~~~~~~~~~~~~~~~~
>
>
> So, what? Where's the problem? This function does exactly that: "take an
> unterminated character sequence and catenate it to an existing string". Clang
> seems to be fine with the code.
Maybe it's saying that I should be using strncat(buf, "!"); because the length
is useless?
>
> Cheers,
>
> Alex
>
>
--
<http://www.alejandro-colomar.es/>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2022-12-14 22:51 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-14 22:45 [-Wstringop-overflow=] strncat(3) Alejandro Colomar
2022-12-14 22:51 ` Alejandro Colomar [this message]
2022-12-14 22:51 ` Alejandro Colomar
2022-12-14 22:57 ` Andrew Pinski
2022-12-14 23:14 ` Alejandro Colomar
2022-12-15 20:50 ` Martin Sebor
2022-12-15 22:03 ` Alejandro Colomar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=75defb3e-bbe4-3b26-980c-22d32f177033@gmail.com \
--to=alx.manpages@gmail.com \
--cc=gcc@gcc.gnu.org \
--cc=libc-alpha@sourceware.org \
--cc=linux-man@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.