<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href="https://github.com/llvm/llvm-project/issues/55353">55353</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            Warn when memory safety theater is detected
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          josephcsible
      </td>
    </tr>
</table>

<pre>
    I occasionally see people write code like `strncpy(dst, src, strlen(src) + 1);`. Presumably, someone told the author at some point that `strcpy` was dangerous and to use `strncpy` instead for safety, but doing so by passing the size of the *source* completely misses the point. We should detect when the `strn*` functions are used with worthless bounds like this and issue a warning accordingly.
</pre>
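<p>Added example, not part of the original report or of LLVM: it runs the reported pattern against a nominal 8-byte destination carved out of a larger buffer, so the overrun can be counted without leaving valid memory, and sets it beside a copy bounded by the destination size. The names <code>overrun_with_source_bound</code>, <code>copy_bounded</code>, <code>ARENA</code> and <code>CANARY</code> are hypothetical.</p>

```c
#include <stddef.h>
#include <string.h>

#define ARENA  32     /* real backing storage, so the demo stays in valid memory */
#define CANARY 0x5A   /* fill byte used to spot writes past the nominal dst */

/* Runs the pattern from the issue against a nominal destination of dst_size
 * bytes at the start of a larger arena. Returns how many bytes beyond the
 * nominal destination were modified, or (size_t)-1 if the demo cannot run. */
size_t overrun_with_source_bound(const char *src, size_t dst_size)
{
    char arena[ARENA];
    size_t n = strlen(src) + 1;
    size_t spilled = 0;

    if (n > ARENA || dst_size > ARENA)
        return (size_t)-1;               /* keep the demo itself in bounds */
    memset(arena, CANARY, sizeof arena);
    strncpy(arena, src, n);              /* bound comes from src: same writes as strcpy */
    for (size_t i = dst_size; i < ARENA; i++)
        spilled += (arena[i] != CANARY);
    return spilled;
}

/* Bounds the copy by the destination instead. Returns 0 on success, or -1 if
 * src does not fit; dst is then left as an empty string, not truncated. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t len = 0;

    if (dst_size == 0)
        return -1;
    while (len < dst_size && src[len] != '\0')
        len++;                           /* never reads more than dst_size bytes of src */
    if (len == dst_size) {               /* no room left for the terminating NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);           /* len + 1 <= dst_size, NUL included */
    return 0;
}
```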