On 08/06/2017 02:07 PM, Martin Sebor wrote:
>>> You're right that there is no truncation and the effect is
>>> the same but only in the unlikely case when the destination
>>> is empty.  Otherwise the result is truncated.
>> Maybe this is where I'm confused.  How does the destination play into
>> truncation issues?  I've always been under the impression that the
>> destination has to be large enough to hold the result, but that it
>> doesn't affect truncation of the source.
> No, you're right.  It's me who's been confused, either thinking
> of strncpy or -Wstringop-overflow.  The difference between the
> two warnings is just one byte in some cases and I got them mixed
> up.  Sorry about that and thanks for spotting this silly  mistake!
> I've updated the code to issue -Wstringop-overflow here and added
> a better example to the manual.
Thanks.  I kept looking thinking I must have missed something somewhere...

> 1) In the following, the strncpy call would normally trigger
> -Wstringop-truncation because of the possible missing terminating
> NUL, but because the immediately following statement inserts the
> NUL the call is safe.
>    strncpy (d, s, sizeof d);   // possible missing NUL
>    d[sizeof d - 1] = '\0';     // okay, NUL add here
At first I wondered if this was an optimization opportunity.  BUt
thinking more about it, I don't think it is, unless you happen to know
that sizeof d == sizeof s, which I doubt happens often enough to matter.

> 2) Building Glibc made me realize that in my effort to detect
> the (common) misuses of strncpy I neglected the original (and
> only intended but now rare) use case of filling a buffer
> without necessarily NUL-terminating it (as in struct dirent::
> d_name).  To allow it the patch adds a new attribute that can
> be used to annotate char arrays and pointers that are intended
> not to be NUL-terminated.  This suppresses the truncation
> warning.  When the patch is approved I'll propose the (trivial)
> Glibc changes.  In the future, the attribute will also let GCC
> warn when passing such objects to functions that expect a NUL-
> terminated string argument (e.g., strlen or strcpy).
Seems reasonable.

> 3) Finally, to add inlining context to diagnostics issued by
> the middle end, I've added a new %G directive to complement
> %K by accepting a gcall* argument.
Also seems reasonable.  I think we've wanted something like this for a

> To make the patch easier to review I've broken it up into
> four parts:
>   1. Add %G.
>   2. Add attribute nostring.
>   3. Implement -Wstringop-truncation and enhance -Wstringop-
>      overflow (the meat of the patch).
>   4. Fix up GCC to compile with the new and enhanced warnings.
I'll try to get to them today.


Reply via email to