https://bugs.kde.org/show_bug.cgi?id=401284
--- Comment #11 from Mark Wielaard <m...@klomp.org> --- (In reply to Paul Floyd from comment #9) > > src_orig, \ > > (Addr)dst-(Addr)dst_orig+1, \ > > - (Addr)src-(Addr)src_orig+1)) \ > > + n)) \ > > RECORD_OVERLAP_ERROR("strncat", dst_orig, src_orig, n); \ > > We need to keep the calculated lengths - either or both sting can be shorter > than n. ah, yes. Thanks for double checking and pushing this fix through. I think what you pushed is correct. But I think in general "overlap" in these string functions is not well defined because it isn't always clear of the NUL terminator is part of the string/operation or not (like in this case). And for code that does what this example code does the mem/byte functions are more clear. BTW. The gcc 13 does produce a pretty clear warning for this code if we help it see the exact length: #include <stdio.h> #include <stdlib.h> #include <string.h> int main(int argc, char* argv[]) { size_t len = strlen(argv[1]); if (len == 7) { char* buf = (char*) malloc(2 * len + 1); memcpy(buf, argv[1], len + 1); strncat(buf + len, buf, len); printf("%s\n", buf); free(buf); } return 0; } $ gcc -g -O2 -Wall -o vbug vbug.c vbug.c: In function ‘main’: vbug.c:11:5: warning: ‘strncat’ output truncated before terminating nul copying 7 bytes from a string of the same length [-Wstringop-truncation] 11 | strncat(buf + len, buf, len); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- You are receiving this mail because: You are watching all bug changes.