Fix false-positives for stpncpy/strncpy

jvoisin / fortify-headers

Standalone portable header-based implementation of FORTIFY_SOURCE=3

BSD Zero Clause License

19 stars 3 forks source link

Fix false-positives for stpncpy/strncpy #48

Closed jvoisin closed 10 months ago

jvoisin commented 10 months ago

They check overlap across the whole range of the given length, but the given length is not what will actually be copied, rather it's the maximum length (if src is shorter, only length of src will be copied). This triggers false positives and traps where it shouldn't (e.g. in ICU tests).

Reported-by: q66

jvoisin commented 10 months ago

This should fix #47