Re: [PATCH unionfs 3/3] Don’t use strncat() with length derived from source string

[Ivan Shmakov]

>>>>> On 2021-04-27 11:57:03 +0300, Sergey Bugaev wrote:
>>>>> On Mon, Apr 26, 2021 at 11:10 PM Samuel Thibault wrote:

 >> Err, but wouldn’t the compiler be able to determine that the size was
 >> properly computed, and avoid emitting a false-positive warning?

 > It is my understanding, based on
 > https://gcc.gnu.org/bugzilla//show_bug.cgi?id=88059, that GCC does
 > not do any sophisticated analysis here, and just warns about any case
 > where the specified length depends on the source size.  Which makes
 > sense to me, because either the destination buffer size depends on
 > the source string length, in which case you can be sure it fits and
 > don’t need strncpy, or it does not depend on the source string
 > length, in which case the string might not fit and you’d use strncpy,
 > passing the destination buffer size.

        Note that once the string lengths are known, neither strcpy nor
        strcat are necessary, for memcpy is sufficient (and likely
        measurably faster.)  See, e. g., [1].

[1] http://gnu.org/software/libc/manual/html_node/Concatenating-Strings.html

[…]

 > stow.c:290:7: warning: ‘strncpy’ output truncated before terminating
 > nul copying as many bytes from a string as its length
 > [-Wstringop-truncation]
 >   290 |       strncpy (tmp, dir, dir_len);
 >       |       ^~~~~~~~~~~~~~~~~~~~~~~~~~~
 > stow.c:275:13: note: length computed here
 >   275 |   dir_len = strlen(dir);
 >       |             ^~~~~~~~~~~

 > The last one is indeed a false positive, because we (with my previous
 > patch merged) now null-terminate the resulting string explicitly.

        Same here.

-- 
FSF associate member #7257  http://am-1.org/~ivan/