This is an automated email from the ASF dual-hosted git repository.

bcall pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new d90df83052 Fix stringop-truncation warning in ats_unix_append_id 
(#12613)
d90df83052 is described below

commit d90df830522a65e1cfcf1b39bf7b5fa64e0a7bcc
Author: Bryan Call <[email protected]>
AuthorDate: Mon Oct 27 14:09:40 2025 -0700

    Fix stringop-truncation warning in ats_unix_append_id (#12613)
    
    * Fix stringop-truncation warning in ats_unix_append_id
    
    Replace strncat with memcpy to satisfy GCC's -Werror=stringop-truncation
    warning. The original code was safe due to the bounds check, but GCC
    couldn't determine this. Using memcpy makes the intent clearer and
    eliminates the warning.
---
 include/tscore/ink_inet.h | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/include/tscore/ink_inet.h b/include/tscore/ink_inet.h
index cc9a07a0e8..18319b1353 100644
--- a/include/tscore/ink_inet.h
+++ b/include/tscore/ink_inet.h
@@ -324,8 +324,16 @@ ats_unix_append_id(sockaddr_un *s, int id)
 {
   char tmp[16];
   int  cnt = snprintf(tmp, sizeof(tmp), "-%d", id);
-  if (static_cast<size_t>(ats_unix_path_len(s) + cnt) < TS_UNIX_SIZE) {
-    strncat(s->sun_path, tmp, cnt);
+
+  // Defensive check: snprintf can return negative on error or >= sizeof(tmp) 
if truncated
+  if (cnt < 0 || cnt >= static_cast<int>(sizeof(tmp))) {
+    ink_assert(!"snprintf failed or truncated in ats_unix_append_id");
+    return;
+  }
+
+  int old_len = ats_unix_path_len(s);
+  if (static_cast<size_t>(old_len + cnt) < TS_UNIX_SIZE) {
+    memcpy(s->sun_path + old_len, tmp, cnt + 1); // +1 to include the null 
terminator
 #if HAVE_STRUCT_SOCKADDR_UN_SUN_LEN
     s->sun_len = SUN_LEN(s);
 #endif

Reply via email to