On 13.06.2024 13:50, Federico Serafini wrote:
> On 13/06/24 12:08, Jan Beulich wrote:
>> On 13.06.2024 11:07, Federico Serafini wrote:
>>> --- a/docs/misra/deviations.rst
>>> +++ b/docs/misra/deviations.rst
>>> @@ -364,6 +364,17 @@ Deviations related to MISRA C:2012 Rules:
>>>          by `stdarg.h`.
>>>        - Tagged as `deliberate` for ECLAIR.
>>>   
>>> +   * - R17.7
>>> +     - Not using the return value of a function do not endanger safety if 
>>> it
>>> +       coincides with the first actual argument.
>>> +     - Tagged as `safe` for ECLAIR. Such functions are:
>>> +         - __builtin_memcpy()
>>> +         - __builtin_memmove()
>>> +         - __builtin_memset()
>>> +         - __cpumask_check()
>>> +         - strlcat()
>>> +         - strlcpy()
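Review bot: the "coincides with the first actual argument" justification does not cover strlcat() and strlcpy(): unlike __builtin_memcpy()/__builtin_memmove()/__builtin_memset(), which return their destination pointer, they return the total length the result would have had, and that value is the caller's only way to detect truncation, so discarding it is not obviously safe. Either drop the two from this R17.7 entry or give them a separate justification. The sentence should also read "does not endanger safety" rather than "do not endanger safety".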
>>
>> These last two aren't similar to strcat/strcpy in what they return, so I'm
>> not convinced they should be listed here. Certainly not with the "coincides"
>> justification.
> 
> Thanks to violations of Rule 17.7 I noticed that safe_strcpy()
> and safe_strcat() are used without checking the return value.
> Is this intentional?

I expect that's case-by-case judgement. The main thing for them is to make
sure the destination buffer isn't overrun. There may be callers which can
live with possible truncation, there may be other callers which guarantee
a suitably sized buffer, and there may also be callers which actually ought
to check.

Jan
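An added example (not from the patch or from Xen's code) of the "callers which actually ought to check" case Jan describes: strlcpy() returns the length of the source string, so a result of at least the destination size means the copy was truncated. Since strlcpy() is not in every libc, the block carries its own BSD-semantics implementation named `local_strlcpy`, which is an assumption of this example rather than Xen's implementation.

```c
#include <stddef.h>
#include <stdbool.h>
#include <string.h>

/* Local reimplementation with BSD strlcpy() semantics (assumption of this
 * example, not Xen's implementation): copies at most size-1 bytes, always
 * NUL-terminates when size > 0, and returns strlen(src) so the caller can
 * detect truncation by comparing the result against size. The destination
 * buffer is never overrun regardless of what the caller does with the
 * return value. */
static size_t local_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);

    if ( size )
    {
        size_t n = len < size ? len : size - 1;

        memcpy(dst, src, n);
        dst[n] = '\0';
    }

    return len;
}

/* Caller that uses the return value as Rule 17.7 expects: true only when
 * the whole string fit, false when it was silently truncated. */
static bool copy_checked(char *dst, size_t size, const char *src)
{
    return local_strlcpy(dst, src, size) < size;
}

/* Caller that discards the return value, i.e. the Rule 17.7 violation
 * under discussion: the buffer is still not overrun, but a caller that
 * cannot live with truncation will never learn it happened. */
static void copy_unchecked(char *dst, size_t size, const char *src)
{
    local_strlcpy(dst, src, size);
}
```

With an 8-byte destination, copying "xen" succeeds while copying "hypervisor" yields "hypervi" and a return value of 10, which only the checking caller notices.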
