On Thu, Dec 12, 2019 at 11:19:44AM -0500, Richard Hipp wrote:
>
> #define sqlite3Strlen30NN(C) (strlen(C)&0x3fffffff)
>
> The tool does not provide any details beyond "Use of strlen".

So why not just

#define sqlite3Strlen30NN(C) (strnlen(C,0x3fffffff))

? From the point of view of program logic it looks similar (at least for me),
but shifts security burden from you to authors of libc. And of course this
should calm static analyzers anxious about strlen(), sprintf() etc.

Valentin Davydov.
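
Added example, not part of the original message and not SQLite code: a side-by-side of the two macro forms discussed above, showing where they return the same value and where they differ. Assumptions: the limit is shrunk from 0x3fffffff to 0xff so the constructed sample strings fit in a small buffer, all function names are hypothetical, and bounded_len() is a memchr()-based stand-in with strnlen() semantics so the file builds as strict ISO C.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Form quoted in the thread: scan to the NUL with strlen(), then mask.
   The scan itself is unbounded; only the returned value is limited. */
static size_t masked_len(const char *s, size_t mask) {
    return strlen(s) & mask;
}

/* strnlen() semantics: read at most max bytes, return max if no NUL
   was found within them. */
static size_t bounded_len(const char *s, size_t max) {
    const char *nul = memchr(s, '\0', max);
    return nul ? (size_t)(nul - s) : max;
}

/* Constructed input: n copies of 'A' plus a terminating NUL. */
static const char *sample(size_t n) {
    static char buf[1024];
    if (n >= sizeof buf) n = sizeof buf - 1;
    memset(buf, 'A', n);
    buf[n] = '\0';
    return buf;
}

/* A 4-byte field with no terminator: the bounded form never reads past
   it. Calling strlen() on this field would be undefined behaviour. */
static size_t unterminated_field_len(void) {
    static const char field[4] = {'d', 'a', 't', 'a'};
    return bounded_len(field, sizeof field);
}

int main(void) {
    const size_t limit = 0xff;            /* stand-in for 0x3fffffff */
    const size_t lens[] = {10, 255, 256, 300};
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        const char *s = sample(lens[i]);
        /* Above the limit the masked form wraps, the bounded form clamps. */
        printf("len=%3zu  masked=%3zu  bounded=%3zu\n",
               lens[i], masked_len(s, limit), bounded_len(s, limit));
    }
    printf("unterminated field: %zu\n", unterminated_field_len());
    return 0;
}
```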