freak82 opened a new issue, #11343:
URL: https://github.com/apache/trafficserver/issues/11343
Hi there,
As far as I checked the only place where this warning is raised is here:
```
/z/x3me-ocn/src/iocore/net/OCSPStapling.cc:1166:12: warning: ‘char*
strncat(char*, const char*, size_t)’ specified bound 1 equals source length
[-Wstringop-overflow=]
1166 | strncat(url->end(), "/", 1);
```
Here is the code in question:
```
if (url->buf()[url->size() - 1] != '/') {
strncat(url->end(), "/", 1);
url->fill(1);
}
```
Note that the `url` buffer size is calculated above in such a way that there
is a guarantee that it's big enough for this concatenation.
[This type of GCC
warning](https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83404) is a bit bogus.
However, I think with a slight change the code here can be made better/safer
and at the same time the global suppression of this warning can be removed.
Although it's not very obvious (IMO) from the man page of `strncat`, the
last `size_t` argument is supposed to specify [the remaining space in the
destination
buffer](https://stackoverflow.com/questions/6903997/how-can-i-use-strncat-without-buffer-overflow-concerns).
So, I think this code is better written as:
```
if (url->buf()[url->size() - 1] != '/') {
strncat(url->end(), "/", url->write_avail());
url->fill(1);
}
```
or
```
if (url->buf()[url->size() - 1] != '/') {
written = ink_strlcat(url->end(), "/", url->write_avail());
url->fill(written);
}
```
What do you think?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
