FP with strcasecmp but not strcmp

Static source code analysis tool for C and C++ code

Brought to you by: danielmarjamaki

FP with strcasecmp but not strcmp

Forum: General Discussion

Creator: Tobias Mark

Created: 2023-02-03

Updated: 2023-02-07

Tobias Mark - 2023-02-03

Only when using --libray=posix

Example

void func(char *in) { char *b = strdup("b"); if(strncasecmp(b, in, 3)) { printf("foo\n"); } free(b); }

Error:

Buffer is accessed out of bounds: b [bufferAccessOutOfBounds]

Error disappears with strncmp() or when not using strdup()

Main cause seems to be different library definitions between strcasecmp (in cfg/posix.cfg) and strncmp (in cfg/std.cfg). The former also includes:

<minsize type="argvalue" arg="3"/>
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

CHR - 2023-02-03

Since you have already identified the cause, why not submit a PR?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Tobias Mark - 2023-02-07
  
  Because I'am not sure.
  Maybe there is a better solution then just removing the test?
  
  If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

CHR - 2023-02-07

strncmp() is clearly documented not to compare anything after the zero character:
https://pubs.opengroup.org/onlinepubs/9699919799/functions/strncmp.html
Although that statement is missing here:
https://pubs.opengroup.org/onlinepubs/9699919799/functions/strncasecmp.html
the behavior is the same for strncasecmp()
https://godbolt.org/z/Ps7MvMGde
So there is no size requirement for the third argument.

Last edit: CHR 2023-02-07

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.