ruanpienaar / mscgen

Automatically exported from code.google.com/p/mscgen
GNU General Public License v2.0

bad strncat use #36

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
gcc reports 

|    inlined from 'main' at main.c:1055:
| /usr/include/bits/string3.h:153: warning: call to __builtin___strncat_chk might overflow destination buffer

which is caused by

|        strncat(gOutputFile, ".", sizeof(gOutputFile));
|        strncat(gOutputFile, gOutType, sizeof(gOutputFile));

This code does not work as expected (the 'len' in 'strncpy(dst,src,len)'
applies to 'src', not to 'dst' so that up to 'strlen(dst) + len' bytes can
be copied). You want strlcat() but this is not commonly available. See
example 1b + 1c in http://www.gratisoft.us/todd/papers/strlcpy.html for
details.

What version of the product are you using? On what operating system?

r103

Original issue reported on code.google.com by ens...@googlemail.com on 30 Nov 2009 at 10:50

GoogleCodeExporter commented 9 years ago
Hi

Thanks for the heads up - I have not been able to get gcc to spit out that warning;
though reading the code + strncat's manpage did lead me to the same conclusion.

I have created a patch against r103 to fix this. It does not take advantage of
strlcat due to portability.

~Niels

Original comment by NThykier@gmail.com on 12 Dec 2009 at 8:48

GoogleCodeExporter commented 9 years ago
Oops - looks like I misunderstood how strncat() works; that's not good.
Strlcat() looks much easier to use, but Niels is right about portability.

Original comment by Michael....@gmail.com on 3 Jan 2010 at 11:51

GoogleCodeExporter commented 9 years ago
This issue was closed by revision r104.

Original comment by Michael....@gmail.com on 3 Jan 2010 at 11:54
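
Added example (not code from mscgen or from the patch attached to this issue): the size argument of strncat() bounds the bytes taken from the source, so a portable fix without strlcat() passes the space remaining in the destination instead of sizeof(dst). The helper names `bounded_append` and `build_output_name` and the 12-byte buffer are hypothetical, constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from mscgen): append src to the NUL-terminated
 * string in dst, whose total capacity is dstsize bytes.
 * Returns 0 if all of src fit, -1 if it was truncated or dst was invalid. */
int bounded_append(char *dst, size_t dstsize, const char *src)
{
    /* memchr, not strlen: never scan past the buffer looking for the NUL */
    const char *end = dstsize ? memchr(dst, '\0', dstsize) : NULL;
    if (end == NULL)
        return -1;                     /* dst not terminated within capacity */

    size_t used = (size_t)(end - dst);
    size_t room = dstsize - used - 1;  /* free bytes, excluding the NUL */

    /* strncat copies at most `room` bytes from src and then writes one more
     * byte for the terminator, so the limit must be the remaining space. */
    strncat(dst, src, room);
    return strlen(src) > room ? -1 : 0;
}

/* Build "<name>.<type>" in out; -1 means the result did not fit. */
int build_output_name(char *out, size_t outsize,
                      const char *name, const char *type)
{
    if (outsize == 0)
        return -1;
    out[0] = '\0';
    if (bounded_append(out, outsize, name) != 0) return -1;
    if (bounded_append(out, outsize, ".") != 0) return -1;
    return bounded_append(out, outsize, type);
}

int main(void)
{
    char buf[12];                      /* constructed sample capacity */
    int rc = build_output_name(buf, sizeof(buf), "diagram", "png");
    printf("%d %s\n", rc, buf);        /* fits exactly: 11 chars + NUL */
    rc = build_output_name(buf, sizeof(buf), "sequence_chart", "png");
    printf("%d %s\n", rc, buf);        /* truncated, reported as -1 */
    return 0;
}
```

Returning a truncation status lets the caller refuse to open a silently shortened output file name.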