Building with gcc 8.1.0 identified two types of warnings.
a) [-Wstringop-truncation] and
b) [-Wstringop-overflow=]
Example warnings
sr_unix/gtmcrypt_pk_ref.c:212:3: warning: 'strncpy' output truncated before terminating
nul copying as many bytes from a string as its length [-Wstringop-truncation]
sr_unix/gtmcrypt_dbk_ref.c:328:3: warning: 'strncpy' specified bound depends on the
length of the source argument [-Wstringop-overflow=]
Both warnings have to do with strncpy usages. The fix to strncpy usages was two-fold.
1) If "strncpy" is used to copy an exact number of bytes (e.g. if the exact number
was determined only a few lines above using strlen()), then the strncpy was replaced
with a memcpy since we don't need to do a copy looking for a terminating null byte.
2) If "strncpy" is used to ensure we never overflow the destination buffer, then we
use SNPRINTF (macro which translates to an EINTR-safe snprintf() invocation) to
ensure the null byte is copied too after any needed truncation of the input string.
strncpy only does the truncation and does not copy the null byte whereas snprintf
does both.
In addition, a use of SPRINTF in dse_chng_fhead.c was replaced with SNPRINTF since the
compiler identified this as a case of a possible overflow. And a parameter
"hash_string.length" with a type "long unsigned int" passed to SNPRINTF macro in
gtmcrypt.h was typecast to (int) to avoid a type mismatch compiler warning.
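
The two replacements described in the commit message, as an added example in C that is not code from the commit or the project. Plain snprintf() stands in for the SNPRINTF macro; the function names, the 8-byte buffer, the destination-size check in exact_copy() and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DST_SIZE 8 /* constructed buffer size for this example */

/* Flagged pattern: strncpy bounded by the destination size. Returns 1 if the
 * result is NUL-terminated inside the buffer, 0 if it is left unterminated. */
int strncpy_terminates(const char *src)
{
    char dst[DST_SIZE];

    memset(dst, 'X', sizeof(dst));
    strncpy(dst, src, sizeof(dst));
    return memchr(dst, '\0', sizeof(dst)) != NULL;
}

/* Replacement 2: snprintf truncates and always writes the NUL (dst_size > 0).
 * Returns 1 if the input had to be truncated, 0 otherwise. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    int needed = snprintf(dst, dst_size, "%s", src);

    return (needed < 0) || ((size_t)needed >= dst_size);
}

/* Replacement 1: the length is already known from strlen(), so memcpy copies
 * exactly that many bytes and no terminator is searched for or written.
 * The size check is this example's addition. Returns bytes copied. */
size_t exact_copy(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);

    if (len > dst_size)
        return 0;
    memcpy(dst, src, len);
    return len;
}

int main(void)
{
    char buf[DST_SIZE];

    printf("strncpy terminated: %d\n", strncpy_terminates("exactly8"));
    printf("snprintf truncated: %d -> \"%s\"\n",
           bounded_copy(buf, sizeof(buf), "much longer input"), buf);
    printf("memcpy copied: %zu bytes\n", exact_copy(buf, sizeof(buf), "abc"));
    return 0;
}
```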