[PATCH] avoid GCC 10 warning -Wstringop-truncation

Chris Johns chrisj at rtems.org
Fri Jul 31 01:33:38 UTC 2020



On 31/7/20 3:52 am, Sebastian Huber wrote:
> On 30/07/2020 18:05, Gedare Bloom wrote:
> 
>> On Thu, Jul 30, 2020 at 9:55 AM Sebastian Huber
>> <sebastian.huber at embedded-brains.de> wrote:
>>> On 30/07/2020 17:53, Gedare Bloom wrote:
>>>
>>>> On Thu, Jul 30, 2020 at 9:44 AM Sebastian Huber
>>>> <sebastian.huber at embedded-brains.de>  wrote:
>>>>> On 30/07/2020 13:36, Aschref Ben-Thabet wrote:
>>>>>
>>>>>> diff --git a/testsuites/psxtests/psxndbm01/init.c
>>>>>> b/testsuites/psxtests/psxndbm01/init.c
>>>>>> index a13afa7315..b524aff0df 100644
>>>>>> --- a/testsuites/psxtests/psxndbm01/init.c
>>>>>> +++ b/testsuites/psxtests/psxndbm01/init.c
>>>>>> @@ -218,7 +218,7 @@ rtems_task Init(rtems_task_argument ignored)
>>>>>>
>>>>>>       puts( "Fetch non-existing record and confirm error." );
>>>>>>       test_strings = (char*)malloc(6);
>>>>>> -  strncpy( test_strings, "Hello", 5 );
>>>>>> +  memcpy( test_strings, "Hello", 5 );
>>>>>>
>>>>>>       test_strings[5] = '\0';
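
Review bot: the malloc(6) result in the context line just above the changed line is written to by memcpy() and then by test_strings[5] = '\0' with no NULL check in between; check the pointer before the copy. The sizes 6 and 5 also have to be kept in step with "Hello" by hand: copying sizeof( "Hello" ) bytes would bring the terminator along and make the separate NUL store unnecessary.
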
>>>>> In the glibc devel list this approach was suggested for problems like this:
>>>>>
>>>>> *(char *) mempcpy( test_strings, "Hello", 5 ) = '\0';
>>>>>
>>>>> https://sourceware.org/legacy-ml/libc-alpha/2000-08/msg00061.html
>>>>>
>>>> This code is suspect/wrong. That should create a NUL at the start of
>>>> the test_strings. I'd rather see the memcpy followed by appending the
>>>> NUL. It is easy enough to understand I think.
>>> Yes, this was also my impression then I did read this code snippet.
>>> Please note that this is memPcpy(), a GNU extension.
>> thanks, I had missed that.
>>
>> I don't think there is an easy generalized way to do the delimiting
>> with the standard memcpy. You could do it in one line, if we really
>> wanted something like:
>>
>> ((char *) memcpy (test_strings, "Hello", 5 ))[5] = '\0';
>>
>> We could even create a little helper to do it if it is a common pattern.
> 
> The mempcpy() is also available in Newlib.
> 
> The only thing I know is that strncpy() is a useless function. With the new GCC
> warnings it is nearly impossible to use correctly. This function is an historic
> accident.

It is still about, consider this article ...

https://www.cprogramming.com/tutorial/secure.html

I selected it at random from a list Google presented when I asked about secure
programming and strncpy.

> There are several ways to fix the warnings and I think there is no clear
> direction. We basically have the option to use the OpenBSD invented strlcpy()
> and strlcat() functions or some sort of memcpy() and mempcpy(). I think the
> OpenBSD philosophy is that if you put something in the strl*() and then at least
> a C-string is created. This may help to contain software bugs a bit and hinder
> error propagation. 

Yeap.

> The glibc developer philosophy is probably that they only
> care about correct code and if you make mistakes that you can go to hell.

Hmm.

Chris
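
The two behaviours this thread compares, as an added example (not code from the patch, from RTEMS or from any poster): strncpy_leaves_unterminated() shows the case the GCC warning is about, and copy_terminated() is a hypothetical helper of the kind suggested above, doing the memcpy()-then-NUL pattern with a bound. It returns the source length, as strlcpy() does, and uses only standard C, so mempcpy() is left out.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not an RTEMS or libc function): copy at most
 * dst_size - 1 bytes of src into dst and always NUL-terminate.
 * Returns strlen(src); a result >= dst_size means truncation. */
size_t copy_terminated(char *dst, size_t dst_size, const char *src)
{
    size_t src_len = strlen(src);

    if (dst_size == 0) {
        return src_len;   /* no room even for the terminator */
    }

    size_t n = src_len < dst_size - 1 ? src_len : dst_size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return src_len;
}

/* Returns 1 if strncpy(buf, src, count) left no NUL in the first
 * count bytes, 0 if it did, -1 if count exceeds the scratch buffer. */
int strncpy_leaves_unterminated(const char *src, size_t count)
{
    char buf[32];

    if (count > sizeof(buf)) {
        return -1;
    }
    memset(buf, 'X', sizeof(buf));   /* so a missing NUL is visible */
    strncpy(buf, src, count);
    return memchr(buf, '\0', count) == NULL;
}

int main(void)
{
    char out[6];   /* same size as the malloc(6) in the patch */
    size_t len = copy_terminated(out, sizeof(out), "Hello");

    printf("copied \"%s\" (source length %zu)\n", out, len);
    printf("strncpy count 5 unterminated: %d\n",
           strncpy_leaves_unterminated("Hello", 5));
    printf("strncpy count 6 unterminated: %d\n",
           strncpy_leaves_unterminated("Hello", 6));
    return 0;
}
```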

