I’m having a hard time to understand why this checker raises warnings for the following cases (from the unit tests 1):
strncmp(str2, “foobar”, (strlen(“foobar”) + 1));
If I’m not mistaken, “foobar” is 7 bytes long (since it has an implicit leading ‘\0’).
strlen will return 6, because it does not account for the leading ‘\0’.
Thus, the correct code is to indeed add a “+ 1” to account for the leading ‘\0’.
That would have been different if sizeof was used on the string literal (in this case, a buffer overflow would have been possible).
Thus, I don’t see why clang-tidy reports a warning for this code.
Unfortunately, while the documentation 2 mentions this case  it doesn’t give much rationale about why this is an issue.
Any help would be much appreciated
strncmp If the third argument is the first or the second argument’s
length + 1 it has to be truncated without the
+ 1 operation.”