https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94626
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |msebor at gcc dot gnu.org
Resolution|--- |WONTFIX
Status|UNCONFIRMED |RESOLVED
--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
Thanks for the report (and for getting Glibc to update its headers). The
problem with strncpy is that its correct and intended uses (filling a buffer
without necessarily nul-terminating it) are indistinguishable from the misuses
(attempting to create a possibly truncated string as a copy of another).
Since there are more misuses than the correct uses of the function, the warning
relies on authors of the correct code to annotate it with attribute nonstring.
This is mentioned in the documentation of the warning. The warning itself
doesn't mention this because the right solution is likely to fix the copy.
I realize this approach makes the minority of authors of correct/safe code pay
the price for the mistakes of the majority of others and so must be frustrating
if you're in the first group. Sorry. The opposite approach obviously wouldn't
be effective.
If it helps, here's an article I wrote on this topic when the warning was first
added:
https://developers.redhat.com/blog/2018/05/24/detecting-string-truncation-with-gcc-8
