Re: report a warning

[Hans-Bernhard Bröker]

Am 09.01.2023 um 18:44 schrieb Gavin Smith:

> There have long been compiler warnings about the use of strncat in
> install-info.c but there isn't any indication that the code is actually
> incorrect.  This compiler warning seems to be completely bogus.  

It's not.  It warns about a practice that has often been used to avoid 
another warning, while not actually achieving any improvement.

In a nutshell, strcat() itself has long since been frowned upon as a 
highly likely source of buffer overflows, and has triggered complaints 
from code checking tools and picky modes of modern compilers for quite a 
while now.  Many got into the habit of working around these warnings by 
replacing

        strcat(a, b);

with some equivalent of

        size_t length_of_b = strlen(b);
        /*...*/
        strncat(a, b, length_of_b);

While this avoids literally calling strcat(), it offers no added safety 
at all: in situations where that strcat() call blows up, the replacement 
code behaves every bit as badly.

Modern compiler versions detect this code pattern and report it as the 
silly thing it really is.

> The real way the code could be improved is to avoid using strcat or
> strncat altogether.

I disagree with that.  IMHO the real solution should be to provide a 
less silly value for the third argument of this strncat().

In other words the problem is not that this code is calling strncat(). 
It's that it doesn't even try to keep track of how much of the allocated 
buffer *description it has used already, so it cannot know what the 
third argument of strncat() has to be.

> However, in the referenced line in this warning, it seems that strcat could
> be used for exactly the same thing.  I'm going to make this change
> just so we stop getting reports.

That would most likely just exchange this warning for complaints from 
source auditing tools (like clang's "scan-build").