[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [platform-testers] texinfo-6.6.90 pretest
|
From: |
Hans-Bernhard Bröker |
|
Subject: |
Re: [platform-testers] texinfo-6.6.90 pretest |
|
Date: |
Tue, 17 Sep 2019 20:23:43 +0200 |
|
User-agent: |
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 |
Am 17.09.2019 um 18:54 schrieb Gavin Smith:
> On Mon, Aug 19, 2019 at 9:35 PM Bruno Haible <address@hidden> wrote:
>> The warnings are clearly pointless, because the amount of memory
>> allocated for *description is unknown to the compiler.
>
> I think we can happily ignore these warnings.
I disagree. They may perhaps continue to be ignored, but not happily.
The warning is factually correct, and it triggered on a mismatch between
the 'n' version of this function's reason to exist vs. the actual way it
was used.
Unfortunately the message text does not express this very well: it fails
to express what's wrong about its stated observation. Which is that the
size argument really _must_ depend on the size of `dest', not `src'.
The call patterns in question,
strncat(dest, src, strlen(src));
strncat(dest, "ab", 2);
are absolutely equivalent to the simpler
strcat(dest, src);
strcat(dest, "ab");
Using strncat() like that offers no benefit at all. So why even bother
with the extra verbiage of using the 'n' version?
At the same time, the use of the 'n' variant of the function, on a first
glance, might hint that the author of this code actually took care about
not overflowing the dest buffer. But they did nothing of the sort.
This code therefore, ultimately, lies to the reader, and that should not
happily be ignored.
The proper solution is either to make sure the buffers in question are
always big enough (and just use strcat()), or to use strncat() as it's
supposed to, i.e. while actually keeping track of how many characters
still fit into the output.