[vlc-devel] [PATCH] http_auth: fix -Wstringop-truncation warning

Alexandre Janniaux ajanni at videolabs.io
Tue May 5 15:11:55 CEST 2020 

Hi,

strncpy will check the length, which is useless since you
have fixed length in both case. In addition, it is supposed
to add a NULL char in the end, but won't do it if you have
the same destination size as the number of bytes you want
to copy (which is the reason of the warnings).

Here VLC_HASH_MD5_DIGEST_HEX_SIZE is 33 bytes and should
include the null byte, which is added by vlc_hash_FinishHex
line 149 which uses vlc_hex_encode_binary:

/**
 * Encode binary data as hex string
 *
 * Writes a given data buffer to the output buffer as a null terminated
 * string in hexadecimal representation.
 *
 * \param      input    Input buffer
 * \param      size     Input buffer size
 * \param[out] output   Output buffer to write the string to
 */
VLC_API void vlc_hex_encode_binary(const void *input, size_t size, char *output);

I hope this is clearer, let me know if I should improve
the commit message to better highlight this.

Regards,
--
Alexandre Janniaux
Videolabs


On Tue, May 05, 2020 at 03:03:27PM +0200, Thomas Guillem wrote:
> Hello,
>
> On Mon, May 4, 2020, at 19:38, Alexandre Janniaux wrote:
> > The size of hashes are fixed so there is no need for str functions, as
> > otherwise strncpy complains about having the destination size equal to
> > the given size with fortify.
> > ---
> >  src/network/http_auth.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/src/network/http_auth.c b/src/network/http_auth.c
> > index 4d49978ac97..599fda6286d 100644
> > --- a/src/network/http_auth.c
> > +++ b/src/network/http_auth.c
> > @@ -125,7 +125,7 @@ static char *AuthDigest( vlc_object_t *p_this,
> > vlc_http_auth_t *p_auth,
> >      /* H(A1) */
> >      if ( p_auth->psz_HA1 )
> >      {
> > -        strncpy( psz_HA1, p_auth->psz_HA1, sizeof(psz_HA1) );
> > +        memcpy( psz_HA1, p_auth->psz_HA1, sizeof(psz_HA1) );
>
> I'm curious, why not using strcpy in that case?
>
> >      }
> >      else
> >      {
> > --
> > 2.26.2
> >
> > _______________________________________________
> > vlc-devel mailing list
> > To unsubscribe or modify your subscription options:
> > https://mailman.videolan.org/listinfo/vlc-devel
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> https://mailman.videolan.org/listinfo/vlc-devel

More information about the vlc-devel mailing list