Clang-tidy bugprone-not-null-terminated-result bug on strncmp?


I’m having a hard time to understand why this checker raises warnings for the following cases (from the unit tests 1):

strncmp(str2, “foobar”, (strlen(“foobar”) + 1));

If I’m not mistaken, “foobar” is 7 bytes long (since it has an implicit leading ‘\0’).

strlen will return 6, because it does not account for the leading ‘\0’.

Thus, the correct code is to indeed add a “+ 1” to account for the leading ‘\0’.

That would have been different if sizeof was used on the string literal (in this case, a buffer overflow would have been possible).

Thus, I don’t see why clang-tidy reports a warning for this code.

Unfortunately, while the documentation 2 mentions this case [3] it doesn’t give much rationale about why this is an issue.

Any help would be much appreciated :slight_smile:

Thank you!


[3]: “strncmp If the third argument is the first or the second argument’s length + 1 it has to be truncated without the + 1 operation.”