https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86199

--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
Ditto for strdup vs strndup, although there it might be worth considering
diagnosing only calls where the strndup bound is equal to the size of the source
array, as in:

char a[4], *p, *q;

void f (void)
{
  p = __builtin_strdup (a);              // possibly unsafe? if not then...
  // ...
  q = __builtin_strndup (a, sizeof a);   // this could be replaced by strdup()
}
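
Added example, not part of the original comment or of GCC: what the two calls in the snippet above do at run time when a 4-byte array like `a` does or does not contain a terminating NUL. The helper names and the sample arrays are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample data: two 4-byte arrays shaped like `a` in the comment. */
static const char full_field[4]  = { 'a', 'b', 'c', 'd' };   /* no NUL inside the array */
static const char short_field[4] = { 'a', 'b', '\0', '\0' }; /* NUL-terminated */

/* Hypothetical helper: 1 if a NUL occurs within the first `size` bytes.
   Only when this holds is strdup(field) guaranteed to stay inside the array. */
static int field_is_terminated(const char *field, size_t size)
{
    return memchr(field, '\0', size) != NULL;
}

/* Hypothetical helper: bounded duplicate. strndup() stops at the first NUL or
   after `size` bytes, whichever comes first, and always terminates the copy. */
static char *dup_field(const char *field, size_t size)
{
    return __builtin_strndup(field, size);
}

/* 1 if the bounded copy equals `expected`, 0 otherwise (or on allocation failure). */
static int dup_field_equals(const char *field, size_t size, const char *expected)
{
    char *copy = dup_field(field, size);
    int same = copy != NULL && strcmp(copy, expected) == 0;
    free(copy);
    return same;
}

int main(void)
{
    /* full_field: strdup() would read past the array; strndup() yields "abcd". */
    printf("full:  terminated=%d bounded copy is \"abcd\"=%d\n",
           field_is_terminated(full_field, sizeof full_field),
           dup_field_equals(full_field, sizeof full_field, "abcd"));
    /* short_field: both calls are safe here and produce the same string "ab". */
    printf("short: terminated=%d bounded copy is \"ab\"=%d\n",
           field_is_terminated(short_field, sizeof short_field),
           dup_field_equals(short_field, sizeof short_field, "ab"));
    return 0;
}
```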
