Fixed bug in overlap check in strncpy() -- it was assuming the src was 'n'

bytes longs, when it could be shorter, which could cause false positives. Added an example of this to the regtest. MERGE TO STABLE git-svn-id: svn://svn.valgrind.org/valgrind/trunk@1983
2026-02-03 10:05:29 +00:00 · 2003-11-02 17:43:27 +00:00 · 2003-11-02 17:43:27 +00:00 · bbfc62ea8c
commit bbfc62ea8c
parent 9c8cc2ba2b
2 changed files with 15 additions and 4 deletions
--- a/memcheck/mac_replace_strmem.c
+++ b/memcheck/mac_replace_strmem.c
@ -186,13 +186,15 @@ char* strcpy ( char* dst, const char* src )

 char* strncpy ( char* dst, const char* src, int n )
 {
+   const Char* src_orig = src;
         Char* dst_orig = dst;
   Int   m = 0;

-   if (is_overlap(dst, src, n, n))
-      complain3("strncpy", dst, src, n);
-
   while (m   < n && *src) { m++; *dst++ = *src++; }
+   /* Check for overlap after copying; all n bytes of dst are relevant,
+      but only m+1 bytes of src if terminator was found */
+   if (is_overlap(dst_orig, src_orig, n, (m < n) ? m+1 : n))
+      complain3("strncpy", dst, src, n);
   while (m++ < n) *dst++ = 0;         /* must pad remainder with nulls */

   return dst_orig;
--- a/memcheck/tests/overlap.c
+++ b/memcheck/tests/overlap.c
@ -112,5 +112,14 @@ int main(void)
      strncat(a+20, a, 21);    // run twice to check 2nd error isn't shown
   strncat(a, a+20, 21);

+   /* This is ok, but once gave a warning when strncpy() was wrong,
+      and used 'n' for the length, even when the src was shorter than 'n' */
+   {
+      char dest[64];
+      char src [16];
+      strcpy( src, "short" );
+      strncpy( dest, src, 20 );
+   }
+
   return 0;
 }