strncat in auto_db_java.cpp uses incorrect third argument for strncat
Describe the bug or problem
This code: https://github.com/sleuthkit/sleuthkit/blob/6f4f2f057dc4a42a4b2163ce237f3adfb5488d43/bindings/java/jni/auto_db_java.cpp#L715-L720
Generates this error:
And it doesn't even match this code: https://github.com/sleuthkit/sleuthkit/blob/6f4f2f057dc4a42a4b2163ce237f3adfb5488d43/tsk/auto/db_sqlite.cpp#L1400-L1405
So I'm pretty sure that the strncat should be replaced with strcat.
This is causing problems with the Ubuntu build on GitHub Actions ever since we added --enable-java to the Action.
I'll wait for a comment from @jayaramcs or @bcarrier
There are also several other uses of strncat. This code should probably be rewritten to use a safer approach to string building, like a std::string.
My guess is that strncat was used because nearly every compiler complains about any use of strcat and they say strncat is more safe.
It looks like this warning occurs when you hard code in the length. It looks like the compiler is expecting the code to actually take the size of the destination into account (which is indeed the safer way). Some variation of (NAME_SIZE - strlen(name)).
Sorry for the lack of context. The warning is because the final argument is a 6 and not a 7, which means that no null is appended to the string. I'll make the change you recommend, but I will not put it in the current release, as it is in code freeze; I'll stage it for the next one. The current release will have a #pragma to suppress the warning. (Need to do that for GitHub Actions, which turn every warning into an error.)
strncat's definition of "appends not more than n characters from s2, and then adds a terminating ‘\0’." is so broken.
On Mar 21, 2025, at 10:08 AM, Brian Carrier @.***> wrote:
My guess is that strncat was used because nearly every compiler complains about any use of strcat and they say strncat is more safe.
It looks like this warning occurs when you hard code in the length. It looks like the compiler is expecting the code to actually take the size of the destination into account (which is indeed the safer way). Some variation of (NAME_SIZE - strlen(name)).
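An added example (not code from Sleuth Kit or from this thread) of the two approaches raised above: a strncat bound derived from the destination size, and std::string. NAME_SIZE, the helper names and the sample strings are assumptions constructed for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

constexpr std::size_t NAME_SIZE = 16;  // assumed destination size (constructed)

// Does strncat(dst, src, n) stay inside a dst_size-byte buffer that already
// holds `used` characters? strncat copies min(strlen(src), n) characters and
// then always writes a terminating '\0'.
bool strncat_stays_in_bounds(std::size_t dst_size, std::size_t used,
                             const char *src, std::size_t n) {
    std::size_t copied = std::min(std::strlen(src), n);
    return used + copied + 1 <= dst_size;
}

// Append with the bound derived from the destination, not the source.
// Returns true if all of src fit, false if it was truncated or dst is invalid.
bool append_bounded(char *dst, std::size_t dst_size, const char *src) {
    const void *nul = std::memchr(dst, '\0', dst_size);
    if (nul == nullptr) return false;            // dst is not terminated in range
    std::size_t used = static_cast<const char *>(nul) - dst;
    std::size_t room = dst_size - used - 1;      // characters that fit before '\0'
    std::strncat(dst, src, room);
    return std::strlen(src) <= room;
}

// std::string alternative: the container grows, so there is no bound to get wrong.
std::string append_string(std::string name, const char *src) {
    name += src;
    return name;
}

int main() {
    char name[NAME_SIZE] = "image_000012";       // constructed: 12 chars used
    // A hard-coded bound equal to the suffix length says nothing about `name`.
    std::printf("strncat(name, \"_chunk\", 6) in bounds: %d\n",
                strncat_stays_in_bounds(NAME_SIZE, std::strlen(name), "_chunk", 6));
    bool complete = append_bounded(name, NAME_SIZE, "_chunk");
    std::printf("bounded: \"%s\" complete=%d\n", name, complete);
    std::printf("string:  \"%s\"\n", append_string("image_000012", "_chunk").c_str());
    return 0;
}
```

The bounded helper truncates rather than overflowing, so callers should check its return value when a silently shortened name would matter.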