Hi,

Eric Gallager wrote:
> Hi, I have a project that uses gnulib's gettext.h, and also has CodeQL
> scanning turned on in GitHub. In this project, CodeQL warns about the
> "return translation;" statement on line 247 of gettext.h, saying that
> it "May return stack-allocated memory from msg_ctxt_id."

dcgettext (domain, msg_ctxt_id, category) always returns either the second argument, or a string that has indefinite extent. It never returns something like msg_ctxt_id + some_offset. [1] Thus this warning is a false alarm. (Already answered in [2].)

Bruno

[1] https://www.gnu.org/software/libc/manual/html_node/Translation-with-gettext.html
[2] https://lists.gnu.org/archive/html/bug-gettext/2023-07/msg00003.html
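The pointer-identity guard that the reply's argument relies on, as an added example that is not part of the original message and is not gnulib's code. `lookup` is a hypothetical stand-in for dcgettext that honours the contract stated above, and the catalogue entry and `ctx_translate` name are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for dcgettext(): returns either the key pointer
   it was given (no translation found) or a string with static storage
   duration. It never returns key + some_offset. */
static const char *lookup(const char *key)
{
    /* Constructed catalogue entry: context "menu", msgid "Open". */
    if (strcmp(key, "menu\004Open") == 0)
        return "Ouvrir";
    return key;
}

/* Same shape as the flagged code: the lookup key lives in a stack
   buffer, and the lookup result is returned only when it is not that
   buffer. */
static const char *ctx_translate(const char *ctxt, const char *msgid)
{
    char msg_ctxt_id[256];
    size_t clen = strlen(ctxt), mlen = strlen(msgid);
    const char *translation;

    if (clen + 1 + mlen + 1 > sizeof msg_ctxt_id)
        return msgid;               /* key does not fit; fall back */
    memcpy(msg_ctxt_id, ctxt, clen);
    msg_ctxt_id[clen] = '\004';     /* context/msgid separator */
    memcpy(msg_ctxt_id + clen + 1, msgid, mlen + 1);

    translation = lookup(msg_ctxt_id);
    if (translation != msg_ctxt_id)
        return translation;         /* static catalogue string */
    return msgid;                   /* caller's pointer, never the buffer */
}

int main(void)
{
    printf("%s\n", ctx_translate("menu", "Open"));   /* translated */
    printf("%s\n", ctx_translate("menu", "Close"));  /* untranslated */
    return 0;
}
```

A static analyzer that does not model the lookup function's return contract sees `translation` as possibly aliasing `msg_ctxt_id` and cannot tell that the identity check excludes that case.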