https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101451
--- Comment #3 from Quentin Armitage <quentin at armitage dot org.uk> ---
According to the man page for strncat:
As with strcat(), the resulting string in dest is always null-terminated.
If src contains n or more bytes, strncat() writes n+1 bytes to dest
(n from src plus the terminating null byte). Therefore, the size of dest must
be at least strlen(dest)+n+1.
Based on the above, in the test case strncat should copy 15 bytes (sizeof(dest)
- 1), and then add a terminating null byte.
I think the following code snippet demonstrates that:
#include <string.h>
#include <stdio.h>
int main(__attribute__((unused)) int argc, __attribute__((unused)) char **argv)
{
char dst[16] = "012345678901234";
unsigned char *p = dst;
dst[5] = '\0';
strncat(dst, "abcdefg", 5);
for (int i = 0; i < 16; i++)
printf("0x%2.2x ", *p++);
printf("\n");
}
>Do you have a full testcase that you can share, we will try to reduce it and
>see why it is still failing.
I have attached ipvswrapper.i, which when compiled with -O2
--Wstringop-truncation produces:
/usr/include/bits/string_fortified.h:95:10: warning: ‘__builtin_strncpy’ output
may be truncated copying 15 bytes from a string of length 15
[-Wstringop-truncation]
95 | return __builtin___strncpy_chk (__dest, __src, __len,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
96 | __glibc_objsize (__dest));
