Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

gcc-8 -Wstringop-truncation what is the good practice?

Tags:

c++

gcc

strncpy

gcc8

This message is trying to warn you that you're doing exactly what you're doing. A lot of the time, that's not what the programmer intended. If it is what you intended (meaning, your code will correctly handle the case where the character array will not end up containing any null character), turn off the warning.

If you do not want to or cannot turn it off globally, you can turn it off locally as pointed out by @doron:

#include <string.h>
char d[32];
void f(const char *s) {
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wstringop-truncation"
    strncpy(d, s, 32);
#pragma GCC diagnostic pop
}

This new GCC warning renders strncpy() mostly unusable in many projects: Code review will not accept code, that produces warnings. But if strncpy() is used only with strings short enough, so that it can write the terminating zero byte, then zeroing out the destination buffer in the beginning and then plain strcpy() would achieve the same job.

Actually, strncpy() is one of the functions, that they had better not put into the C library. There are legitimate use cases for it, sure. But library designers forgot to put fixed size string aware counterparts to strncpy() into the standard, too. The most important such functions, strnlen() and strndup(), were only included 2008 into POSIX.1, decades after strncpy() was created! And there is still no function, that copies a strncpy() generated fixed-length string into a preallocated buffer with correct C semantics, i.e. always writing the 0-termination byte. One such function could be:

// Copy string "in" with at most "insz" chars to buffer "out", which
// is "outsz" bytes long. The output is always 0-terminated. Unlike
// strncpy(), strncpy_t() does not zero fill remaining space in the
// output buffer:
char* strncpy_t(char* out, size_t outsz, const char* in, size_t insz){
    assert(outsz > 0);
    while(--outsz > 0 && insz > 0 && *in) { *out++ = *in++; insz--; }
    *out = 0;
    return out;
}

I recommend to use two length inputs for strncpy_t(), to avoid confusion: If there was only a single size argument, it would be unclear, if it is the size of the output buffer or the maximum length of the input string (which is usually one less).


There are very little justified case for using strncpy. This is a quite dangerous function. If the source string length (without the null character) is equal to the destination buffer size, then strncpy will not add the null character at the end of the destination buffer. So the destination buffer will not be null terminated.

We should write this kind of code on Linux:

lenSrc = strnlen(pSrc, destSize)
if (lenSrc < destSize)
    memcpy(pDest, pSrc, lenSrc + 1);
else {
    /* Handle error... */
}

In your case, if you want to truncate the source on copy, but still want a null terminated destination buffer, then you could write this kind of code:

destSize = 32

sizeCp = strnlen(pSrc, destSize - 1);
memcpy(pDest, pSrc, sizeCp);
pDest[sizeCp] = '\0';

Edit: Oh... If this not mandatory to be NULL terminated, strncpy is the right function to use. And yes you need to call it with 32 and not 31. I think you need to ignore this warning by disabling it... Honestly I do not have a good answer for that...

Edit2: In order to mimic the strncpy function, you could write this code:

destSize = 32

sizeCp = strnlen(pSrc, destSize - 1);
memcpy(pDest, pSrc, sizeCp + 1);

TL;DR: handle the truncation case and the warning will dissappear.

This warning happened to be really useful for me, as it uncovered an issue in my code. Consider this listing:

#include <string.h>
#include <stdio.h>

int main() {
    const char long_string[] = "It is a very long string";
    char short_string[8];
    
    strncpy(short_string, long_string, sizeof(short_string));

    /* This line is extremely important, it handles string truncation */
    short_string[7] = '\0';

    printf("short_string = \"%s\"\n", short_string);

    return 0;
}

demo

As the comment says short_string[7] = '\0'; is necessary here. From the strncpy man:

Warning: If there is no null byte among the first n bytes of src, the string placed in dest will not be null-terminated.

If we remove this line, it invokes UB. For example, for me, the program starts printing:

short_string = "It is a It is a very long string"

Basically, GCC wants you to fix the UB. I added such handling to my code and the warning is gone.

Related questions

Why doesn't an if constexpr make this core constant expression error disappear?
Static variable inside template function
Best way to seed mt19937_64 for Monte Carlo simulations
Concatenating/Merging/Joining two AVL trees
Virtual destructor with virtual members in C++11
Type of ternary expression
C++ stl stringstream direct buffer access
The equivalent of ./configure in Windows?
When should std::nothrow be used?
Why does initializing an extern variable inside a function give an error?
Deep Copy of OpenCV cv::Mat
How to portably find out min(INT_MAX, abs(INT_MIN))?
Unsigned modulos: alternative approach?
using enum says invalid conversion from 'int' to 'type'
Why the size of a pointer to a function is different from the size of a pointer to a member function?
C++ (14) and manual memory management
What is move_iterator for
What is the _REENTRANT flag?
How to use Microsoft Application Verifier
Why does the implementation of std::to_string create a buffer 4 times the size of the type?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!