False Positive on S3519

Hi, I am using SonarQube version 7.9, scanner 4.0 and SonarCFamily 6.3.

My code:

char at_command[129];
...
strlcat(at_command, "\r", sizeof(at_command));

The bug shown is S3519: Memory access should be explicitly bounded to prevent buffer overflows

I think that memory is bounded correctly in strlcat:

size_t strlcat (char *dst, const char *src, size_t dstsize);

strlcat() appends string src to the end of dst. It will append at most dstsize - strlen(dst) - 1 characters. It will then NUL-terminate, unless dstsize is 0 or the original dst string was longer than dstsize (in practice this should not happen as it means that either dstsize is incorrect or that dst is not a proper string).

I ran a test at runtime:

char array_1[36];
memset(array_1, 0x00, sizeof(array_1));
strlcat(array_1, "This is a test", sizeof(array_1));
strlcat(array_1, "This is a strlcat that overflow the array", sizeof(array_1));

and I observed that the memory is correctly bounded and no overflow occurred.
Thank you

Hi @jbc,

Thank you for your report. I created a ticket on our side: CPP-2243.
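
The strlcat contract quoted in the question can be checked mechanically. The following is an added example, not code from either poster or from SonarSource: `bounded_cat` is a hypothetical stand-in that follows the quoted semantics (strlcat itself is absent from many C libraries), and `struct guarded` with its canary bytes is a constructed layout used to repeat the question's two appends and confirm that truncation is reported through the return value while nothing is written past the 36-byte array.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in with the strlcat semantics quoted in the post
 * (strlcat itself is missing from many libcs). Returns the length the
 * full concatenation would have had; a result >= dstsize means truncation. */
static size_t bounded_cat(char *dst, const char *src, size_t dstsize)
{
    size_t dlen = 0, slen = strlen(src);

    /* Scan at most dstsize bytes so an unterminated dst is never overrun. */
    while (dlen < dstsize && dst[dlen] != '\0')
        dlen++;
    if (dlen == dstsize)            /* dstsize == 0 or dst not a proper string */
        return dstsize + slen;      /* nothing is written */

    size_t room = dstsize - dlen - 1;   /* bytes left before the NUL */
    size_t n = slen < room ? slen : room;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + slen;
}

/* Constructed test layout: canary bytes directly after the 36-byte buffer. */
struct guarded { char buf[36]; unsigned char canary[8]; };

/* Repeats the post's two appends; returns 1 if truncation was reported
 * and the canary is untouched, 0 otherwise. */
static int run_post_test(struct guarded *g)
{
    memset(g->buf, 0x00, sizeof g->buf);
    memset(g->canary, 0xA5, sizeof g->canary);

    size_t r1 = bounded_cat(g->buf, "This is a test", sizeof g->buf);
    size_t r2 = bounded_cat(g->buf, "This is a strlcat that overflow the array",
                            sizeof g->buf);
    for (size_t i = 0; i < sizeof g->canary; i++)
        if (g->canary[i] != 0xA5)
            return 0;
    return r1 < sizeof g->buf && r2 >= sizeof g->buf;
}

int main(void)
{
    struct guarded g;
    int ok = run_post_test(&g);
    printf("ok=%d len=%zu buf=\"%s\"\n", ok, strlen(g.buf), g.buf);
    return ok ? 0 : 1;
}
```

Comparing the return value against the buffer size is how a caller detects that the appended text was cut short, which is worth checking when the buffer holds a command string.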