2023-05-03 11:06:20 +02:00
== Why is this an issue?
2021-04-28 16:49:39 +02:00
Size argument of ``++strncat++``, ``++strlcat++`` and ``++strlcpy++`` should define the size of the destination to prevent buffer overflow.
Moreover, ``++strncat++`` always adds a terminating null character at the end of the appended characters so the size argument should be smaller than the size of the destination to let enough space for it.
2021-04-28 18:08:03 +02:00
2023-05-03 11:06:20 +02:00
=== Noncompliant code example
2021-04-28 16:49:39 +02:00
2022-02-04 17:28:24 +01:00
[source,cpp]
2021-04-28 16:49:39 +02:00
----
void f(char* src) {
char dest[10];
strlcpy(dest, src, sizeof(src)); // Noncompliant; size argument is the size of the source instead of the size of the destination
strncat(dest, src, sizeof(src)); // Noncompliant; size of the source instead of the size of the destination
strncat(dest, src, sizeof(dest)); // Noncompliant; size argument is too large
}
----
2021-04-28 18:08:03 +02:00
2023-05-03 11:06:20 +02:00
=== Compliant solution
2021-04-28 16:49:39 +02:00
2022-02-04 17:28:24 +01:00
[source,cpp]
2021-04-28 16:49:39 +02:00
----
void f(char* src) {
char dest[10];
strncat(dest, src, sizeof(dest) - 1); // Compliant
}
----
2021-04-28 18:08:03 +02:00
2021-09-20 15:38:42 +02:00
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::message.adoc[]
endif::env-github,rspecator-view[]
