xbolva00 added a comment. In https://reviews.llvm.org/D45050#1116396, @Charusso wrote:
> In https://reviews.llvm.org/D45050#1116361, @xbolva00 wrote: > > > memcpy(crypt_buf, passwd, passwd_len); <--- warning > > memcpy(crypt_buf + passwd_len, salt, salt_len); > > > > This is a false warning since it appends strings using memcpy. But no idea > > what to do and if it is possible to avoid these false warnings. > > > I have just tested it because of the `malloc()` function. I'm using > CodeChecker and leaved the default settings, so `IsSafeFunctionsAreAvailable > = 1`. Because of the malloc `strncpy_s()` cannot handle this case, but if the > check would ran with `IsSafeFunctionsAreAvailable = 0`, it rewrites it to > `strncpy(crypt_buf, passwd, passwd_len + 1)` which is a good transformation, > as the official `memcpy()`'s result not null-terminated. Yeah, it is a valid recommendation. https://reviews.llvm.org/D45050 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
