On Tue, Sep 17, 2019 at 7:23 PM Hans-Bernhard Bröker <[email protected]> wrote:
>
> On 17.09.2019 at 18:54, Gavin Smith wrote:
> > On Mon, Aug 19, 2019 at 9:35 PM Bruno Haible <[email protected]> wrote:
> >
> >> The warnings are clearly pointless, because the amount of memory
> >> allocated for *description is unknown to the compiler.
> >
> > I think we can happily ignore these warnings.
>
> I disagree. They may perhaps continue to be ignored, but not happily.
>
> The warning is factually correct, and it triggered on a mismatch between
> the 'n' version of this function's reason to exist vs. the actual way it
> was used.
>
> Unfortunately the message text does not express this very well: it fails
> to express what's wrong about its stated observation. Which is that the
> size argument really _must_ depend on the size of `dest', not `src'.

Why must it depend on the size of the destination? strncat is not
being used here as a "safe" version of strcat. The length argument is
saying how many bytes to copy from the source, which I see nothing
wrong with.

> The call patterns in question,
>
>     strncat(dest, src, strlen(src));
>     strncat(dest, "ab", 2);
>
> are absolutely equivalent to the simpler
>
>     strcat(dest, src);
>     strcat(dest, "ab");
>
> Using strncat() like that offers no benefit at all. So why even bother
> with the extra verbiage of using the 'n' version?

In some cases the length argument is being given in a variable that is
also used elsewhere. It is probably not the best code to use due to
having to calculate the length of the destination string every time
strncat is called, but the code is well-tested and I'm not minded to
rewrite it all to silence a compiler warning, risking introducing bugs
in the process.
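
Added example, not part of the original message and not code from the project under discussion: it contrasts the two uses of strncat's length argument debated above. The helper names `bounded_append` and `src_bound_matches_strcat`, the buffer sizes and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: append src to dest, bounding the copy by the space
 * left in dest. dest_size is the total size of the dest array.
 * Returns 0 if all of src fit, 1 if it was truncated, -1 if dest has no
 * NUL terminator inside dest_size (nothing is written in that case). */
int bounded_append(char *dest, size_t dest_size, const char *src)
{
    const char *end = memchr(dest, '\0', dest_size);
    if (end == NULL)
        return -1;
    size_t used = (size_t)(end - dest);
    size_t room = dest_size - used - 1;   /* keep one byte for the NUL */
    strncat(dest, src, room);             /* writes at most room + 1 bytes */
    return strlen(src) > room ? 1 : 0;
}

/* The call pattern from the thread: the bound comes from src, so it never
 * limits the copy. Returns 1 when the result equals plain strcat, or -1
 * if the inputs would not fit the constructed 64-byte buffers. */
int src_bound_matches_strcat(const char *prefix, const char *src)
{
    char a[64], b[64];                    /* constructed sample buffers */
    if (strlen(prefix) + strlen(src) >= sizeof a)
        return -1;
    strcpy(a, prefix);
    strcpy(b, prefix);
    strncat(a, src, strlen(src));         /* bound taken from the source */
    strcat(b, src);
    return strcmp(a, b) == 0;
}

int main(void)
{
    char buf[8] = "abc";                                /* constructed sample */
    int r1 = bounded_append(buf, sizeof buf, "de");     /* fits */
    int r2 = bounded_append(buf, sizeof buf, "fghij");  /* only "fg" fits */
    printf("%d %d \"%s\"\n", r1, r2, buf);
    printf("%d\n", src_bound_matches_strcat("info: ", "node"));
    return 0;
}
```

The destination-based bound needs the buffer's total size at the call site, which is the information the compiler lacks when it only sees a pointer such as `*description`.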
