libqrencode

qrenc: silence gcc -Wstringop-overflow warning

Open sgn opened this issue 6 years ago • 5 comments

Increase the size passed to strncat(3) by 1 to silence the gcc warning. The increased value accounts for the NULL terminator.

This change won't change anything at runtime since strncat(3) will append that '\0' if the size of dst is reached but '\0' is not found.

Nov 25 '19 13:11 sgn

Thank you @sgn.

According to this stackoverflow, we could use strcat() instead of strncat(). https://stackoverflow.com/questions/53408543/strncat-wformat-overflow-warning-when-using-gcc-8-2-1

Actually, we just use static strings as the src of strncat() and in this case there's no need to calculate the length of the src strings by hand.

Can I have your thoughts?

Dec 12 '19 05:12 fukuchi

On 2019-12-11 21:04:58-0800, Kentaro Fukuchi wrote:

> Actually, we just use static strings as the src of strncat() and in this case there's no need to calculate the length of the src strings by hand.

Yes, we could use strcat(3) instead of strncat(3) in this case. And, it could be simpler to use strcat(3) instead.

After thinking harder, I think strcat(3) isn't really optimal in this case.

With strcat(3), we're repeatedly traversing the buffer.

I think it's better to use memcpy instead.

I could prepare the patch myself if you think it's a good idea.

-- Danh

Dec 12 '19 12:12 sgn

Hi @fukuchi,

I've pushed a series of changes to replace strncat with strcpy.

The last commit is intended to avoid altering options in writeANSI and writeASCII. If you don't like the last patch, feel free to drop it.

Dec 12 '19 13:12 sgn

Hi, I just got these warnings and found this request. Why do you use strncat()? If it is to avoid buffer overflows, then keep it but change the size parameter (have a look at https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83404). If you're really sure the buffer is big enough, then just use strcat(). Same with strncpy(). Cheers, André

Jan 21 '21 17:01 Woebbeking

I think the buffer is always large enough. Let's just use strcpy(3).

Jan 22 '21 00:01 sgn
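As an added illustration of the two options discussed in this thread (not code from libqrencode or from any commenter): a strncat(3) call whose size argument is the free space in the destination minus the terminator, and a memcpy-based appender that tracks the write position so the buffer is never rescanned. The names `append_strncat`, `strbuf`, `strbuf_append` and `STRBUF_APPEND_LIT`, and the sample strings, are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not libqrencode code. strncat's third argument limits
 * the bytes taken from src; a terminating NUL is always written after them,
 * so the bound is the free space in dst minus one.
 * Returns 0 on success, -1 if src had to be truncated. */
int append_strncat(char *dst, size_t dstsize, const char *src)
{
    size_t used = strlen(dst);
    if (used >= dstsize)
        return -1;                      /* caller passed an inconsistent size */
    size_t room = dstsize - used - 1;   /* bytes for src, NUL excluded */
    strncat(dst, src, room);
    return strlen(src) > room ? -1 : 0;
}

/* Appender that remembers the write position, so each append is a single
 * memcpy with no rescan of the buffer. Invariant: len < size. */
struct strbuf { char *buf; size_t size; size_t len; };

int strbuf_append(struct strbuf *sb, const char *src, size_t n)
{
    if (sb->size == 0 || sb->len >= sb->size || n > sb->size - sb->len - 1)
        return -1;                      /* would overflow: refuse, copy nothing */
    memcpy(sb->buf + sb->len, src, n);
    sb->len += n;
    sb->buf[sb->len] = '\0';
    return 0;
}

/* For string literals the length is a compile-time constant. */
#define STRBUF_APPEND_LIT(sb, lit) strbuf_append((sb), (lit), sizeof(lit) - 1)

int main(void)
{
    char a[8] = "abc";                  /* constructed sample data */
    int rc = append_strncat(a, sizeof a, "defghi");
    printf("strncat: rc=%d \"%s\"\n", rc, a);

    char b[8] = "";
    struct strbuf sb = { b, sizeof b, 0 };
    STRBUF_APPEND_LIT(&sb, "abcd");
    rc = STRBUF_APPEND_LIT(&sb, "efgh"); /* 8 chars + NUL does not fit */
    printf("memcpy:  rc=%d \"%s\"\n", rc, b);
    return 0;
}
```

The strncat variant truncates and reports it; the memcpy variant refuses the append outright and leaves the buffer unchanged.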