[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: report a warning
|
From: |
Gavin Smith |
|
Subject: |
Re: report a warning |
|
Date: |
Mon, 9 Jan 2023 20:17:53 +0000 |
On Mon, Jan 09, 2023 at 08:39:44PM +0100, Hans-Bernhard Bröker wrote:
> > Whatever the original intention was behind strncat, this seems like
> > a reasonable way to use strncat based on its behaviour and documentation.
>
> It is not.
>
> The size argument exists to enable the caller to make sure that the
> destination buffer is not overrun, and for that to be possible, the size
> argument _must_ have a dependency on the size of that destination buffer.
> It may depend on the input string length, too, but that must not be the only
> dependency.
How can you be so sure why the size argument exists?
I downloaded the Unix version 7 sources (from 1979) from here
https://www.tuhs.org/cgi-bin/utree.pl?file=V7
and I can see strncat being called only twice in that source tree:
$ grep strncat . -R
./usr/src/cmd/dumpdir.c: strncat(prefix, dir.d_name,
sizeof(dir.d_name));
./usr/src/cmd/login.c: strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
(plus other matches)
The third argument appears to be used for both the source argument (first
match) and destination argument (second match).
Any documentation I can see on strncat describes the behaviour of strncat,
but not of the recommended usage.
> If one's not going to do the work needed to compute the size argument
> correctly, then strncat() cannot offer any benefit over strcat(), and one
> might as well not bother using it.
Not if strncat is used for an initial substring, as happens throughout
install-info.c.