https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81117
Bug ID: 81117
Summary: Improve buffer overflow checking in strncpy
Product: gcc
Version: 5.4.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: bugzi...@poradnik-webmastera.com
Target Milestone: ---

Code:

#include <string.h>

char buf[2];

void test(const char* str)
{
    strncpy(buf, "12345", sizeof("12345")); // 1
    strncpy(buf, "12345", strlen("12345")); // 2
    strncpy(buf, str, sizeof(str)); // 3
    strncpy(buf, str, strlen(str)); // 4
}

Compile command:

gcc -c -o test.o -Wall -Wextra -O2 test.c -D_FORTIFY_SOURCE=2

When the above code is compiled using gcc 4.8.5 on Linux RHEL 7 x86_64, gcc prints a warning about line "3" (-Wsizeof-pointer-memaccess), plus there are two warnings for lines "1" and "3" detected by -D_FORTIFY_SOURCE=2. There are no warnings about buffer overflow in lines "2" and "4", where strlen of the source is used instead of the buffer size.

What is interesting, gcc 5.4.0 from Cygwin x86_64 does not print the warnings from -D_FORTIFY_SOURCE=2, only the -Wsizeof-pointer-memaccess one.

Please improve these checks to detect cases where the user tries to use sizeof or strlen of the source string instead of the target buffer size.
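
Added example, not part of the original report and not GCC code: all four calls above take their bound from the source, so the copy length never depends on how large buf is. The sketch below takes the bound from the destination instead, always NUL-terminates, and reports truncation; copy_bounded and COPY_TO_ARRAY are hypothetical names and the input strings are constructed samples.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy src into dst, bounded by the DESTINATION size.
 * Returns 0 if src fit; -1 if it was truncated (dst still NUL-terminated)
 * or the arguments are unusable. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;

    /* Search for the terminator only within the bytes that can fit. */
    const char *nul = memchr(src, '\0', dst_size);
    if (nul != NULL) {
        memcpy(dst, src, (size_t)(nul - src) + 1);  /* includes the NUL */
        return 0;
    }
    memcpy(dst, src, dst_size - 1);   /* keep the prefix that fits */
    dst[dst_size - 1] = '\0';
    return -1;
}

/* For true arrays only: sizeof on a pointer yields the pointer size,
 * which is the mistake on line "3" of the report. */
#define COPY_TO_ARRAY(dst, src) copy_bounded((dst), sizeof(dst), (src))

char buf[2];   /* same size as the report's buffer */

int main(void)
{
    const char *inputs[] = { "12345", "7", "" };   /* constructed samples */
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = COPY_TO_ARRAY(buf, inputs[i]);
        printf("src=\"%s\" rc=%d buf=\"%s\"\n", inputs[i], rc, buf);
    }
    return 0;
}
```

Unlike strncpy, the helper never leaves the destination unterminated, and the return value lets the caller treat truncation as an error rather than silently continuing.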