mulle-kybernetik-tv
commented
1 year ago To be pedantic, technically there is no buffer overflow in strncpy here. The problem is that the code will pass a non \0 terminated string to printf( "%s") as strncpy won't append it, if there is no space.
[ ] Infer version 1.1.0
[ ] Debian 11
[ ] Command: infer run --reactive --bufferoverrun --pulse --enable-issue-type ARRAY_OUT_OF_BOUNDS_L1 -- clang -c strn.c (also tried BUFFER_OVERRUN_Ux, BUFFER_OVERRUN_Lx, and ARRAY_OUT_OF_BOUNDS_Lx where x ranges from 1-6.)
[ ] The full output in a paste: Capturing in make/cc mode... Found 1 (out of 1) source file to analyze in /home/../infer/infer-out 1/1 [#################################################] 100% 4.458ms No issues found
[ ] Code:
include
include
char *src="demo";
int main(){ char dest[4]; strncpy(dest,src,sizeof(dest)); printf("str=%s\n",dest); }
I cannot get Infer to find the buffer overflow caused in strncpy(). Please advise.