[cppcheck] Dangerous usage of strncat in file xf86AutoConfig.c

Thomas Dickey dickey at his.com
Sat Oct 3 05:52:34 PDT 2009


On Sat, 3 Oct 2009, Martin Ettl wrote:

> Hello friends,
>
> further analysation with the static code analysis tool cppcheck brought up another issue. The tool printed the following warning:
>
> .../xfree86/common/xf86AutoConfig.c,337,possible error,Dangerous usage of strncat. Tip: the 3rd parameter means maximum number of characters to append
>
> Take a look into the code at line 337:
> .....
> char path_name[256];
> .....
> 334        if (strncmp(&(direntry->d_name[len-4]), ".ids", 4) == 0) {
>            /* We need the full path name to open the file */
>            strncpy(path_name, PCI_TXT_IDS_PATH, 256);
> 337         strncat(path_name, "/", 1);
>            strncat(path_name, direntry->d_name, (256 - strlen(path_name) - 1));
> .....
>
> I is possible (suppose to be the string PCI_TXT_IDS_PATH) is 256 
> characters long) that the array path_name is allready filled. Then (lin 
> 337) an additional character is appended --> array index might be go out 
> of range.

It's possible, but cppcheck isn't that smart.
It's "only" warning that its author disapproves of strncat.
cppcheck only notes its presence in the code, makes no analysis of the
parameters.  It's a _checking_ tool, by the way, not to be confused with
static analysis.

(dynamic allocation as an alternative is not necessarily an improvement)

-- 
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net


More information about the xorg-devel mailing list