Boost C++ Libraries: Ticket #13218: Xcode 8/9 static analyzer warning in socket_ops.ipp:2023:5: function 'strcat' is insecure. CWE-119 https://svn.boost.org/trac10/ticket/13218 <p> The warning generated on macOS by the Xcode 9 static analyzer for files that #include asio.hpp is: </p> <p> In file included from /mnt/boost/asio.hpp:21: In file included from /mnt/boost/asio/basic_datagram_socket.hpp:21: In file included from /mnt/boost/asio/datagram_socket_service.hpp:30: In file included from /mnt/boost/asio/detail/reactive_socket_service.hpp:30: In file included from /mnt/boost/asio/detail/reactive_socket_accept_op.hpp:24: In file included from /mnt/boost/asio/detail/socket_holder.hpp:20: In file included from /mnt/boost/asio/detail/socket_ops.hpp:333: /mnt/boost/asio/detail/impl/socket_ops.ipp:2023:5: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 </p> <p> Since a lot of our files include asio.hpp, we see this warning over and over again. And unfortunately I know of no way to suppress this issue, so I'm hoping you can adjust the implementation to use strlcpy. Some of the other layers in Boost seem to have done this already, so maybe you don't have to re-invent the wheel. </p> en-us Boost C++ Libraries /htdocs/site/boost.png https://svn.boost.org/trac10/ticket/13218 Trac 1.4.3