BUG: Replace strncpy with snprintf to ensure NUL termination

hjmjohnson · hjmjohnson · commit 41444ccbde00 · 2026-04-30T14:46:46.000-05:00
GCC's -Wstringop-truncation flagged 6 calls in itkScancoImageIO.cxx
where strncpy was invoked with a bound equal to the destination size.
When the source string is at least as long as the destination, strncpy
leaves the buffer without a NUL terminator, causing undefined behavior
in subsequent C-string accessors (GetVersion, GetPatientName, etc.).

The in-memory header buffers (m_Version[18], m_PatientName[42],
m_CreationDate[32], m_ModificationDate[32], m_RescaleUnits[18],
m_CalibrationData[66]) are explicitly sized two bytes wider than the
on-disk fixed-width fields (16, 40, 8/decoded-32, 32, 16, 64) so that a
NUL terminator always fits; itkISQHeaderIO.cxx:137 documents this with
an explicit '\\0' write.

Switch all six metadata-import sites and the five (six counting
ModificationDate) public Set*() inline accessors to
std::snprintf(dst, sizeof(dst), "%s", src), which always
NUL-terminates and silently truncates oversized input. Add &lt;cstdio&gt; to
both translation units.
diff --git a/include/itkScancoImageIO.h b/include/itkScancoImageIO.h
@@ -55,6 +55,7 @@
 #include "IOScancoExport.h"
 
 
+#include <cstdio>
 #include <fstream>
 #include "itkImageIOBase.h"
 #include "itkScancoDataManipulation.h"
@@ -167,7 +168,7 @@ class IOScanco_EXPORT ScancoImageIO : public ImageIOBase
   void
   SetVersion(const char * version)
   {
-    strncpy(this->m_HeaderData.m_Version, version, 18);
+    std::snprintf(this->m_HeaderData.m_Version, sizeof(this->m_HeaderData.m_Version), "%s", version);
     this->Modified();
   }
 
@@ -179,7 +180,8 @@ class IOScanco_EXPORT ScancoImageIO : public ImageIOBase
   void
   SetCalibrationData(const char * calibrationData)
   {
-    strncpy(this->m_HeaderData.m_CalibrationData, calibrationData, 66);
+    std::snprintf(
+      this->m_HeaderData.m_CalibrationData, sizeof(this->m_HeaderData.m_CalibrationData), "%s", calibrationData);
     this->Modified();
   }
 
@@ -191,7 +193,8 @@ class IOScanco_EXPORT ScancoImageIO : public ImageIOBase
   void
   SetRescaleUnits(const char * rescaleUnits)
   {
-    strncpy(this->m_HeaderData.m_RescaleUnits, rescaleUnits, 18);
+    std::snprintf(
+      this->m_HeaderData.m_RescaleUnits, sizeof(this->m_HeaderData.m_RescaleUnits), "%s", rescaleUnits);
     this->Modified();
   }
 
@@ -284,7 +287,7 @@ class IOScanco_EXPORT ScancoImageIO : public ImageIOBase
   void
   SetPatientName(const char * patientName)
   {
-    strncpy(this->m_HeaderData.m_PatientName, patientName, 42);
+    std::snprintf(this->m_HeaderData.m_PatientName, sizeof(this->m_HeaderData.m_PatientName), "%s", patientName);
     this->Modified();
   }
 
@@ -296,7 +299,8 @@ class IOScanco_EXPORT ScancoImageIO : public ImageIOBase
   void
   SetCreationDate(const char * creationDate)
   {
-    strncpy(this->m_HeaderData.m_CreationDate, creationDate, 32);
+    std::snprintf(
+      this->m_HeaderData.m_CreationDate, sizeof(this->m_HeaderData.m_CreationDate), "%s", creationDate);
     this->Modified();
   }
 
@@ -308,7 +312,10 @@ class IOScanco_EXPORT ScancoImageIO : public ImageIOBase
   void
   SetModificationDate(const char * modificationDate)
   {
-    strncpy(this->m_HeaderData.m_ModificationDate, modificationDate, 32);
+    std::snprintf(this->m_HeaderData.m_ModificationDate,
+                  sizeof(this->m_HeaderData.m_ModificationDate),
+                  "%s",
+                  modificationDate);
     this->Modified();
   }
 
diff --git a/src/itkScancoImageIO.cxx b/src/itkScancoImageIO.cxx
@@ -42,6 +42,7 @@
 #include "itkISQHeaderIO.h"
 
 #include <algorithm>
+#include <cstdio>
 #include <ctime>
 #include <filesystem>
 
@@ -354,23 +355,28 @@ ScancoImageIO::SetHeaderFromMetaDataDictionary()
   std::string stringMeta;
   if (ExposeMetaData<std::string>(metaData, "Version", stringMeta))
   {
-    strncpy(this->m_HeaderData.m_Version, stringMeta.c_str(), 18);
+    std::snprintf(this->m_HeaderData.m_Version, sizeof(this->m_HeaderData.m_Version), "%s", stringMeta.c_str());
   }
   if (ExposeMetaData<std::string>(metaData, "PatientName", stringMeta))
   {
-    strncpy(this->m_HeaderData.m_PatientName, stringMeta.c_str(), 42);
+    std::snprintf(
+      this->m_HeaderData.m_PatientName, sizeof(this->m_HeaderData.m_PatientName), "%s", stringMeta.c_str());
   }
 
   ExposeMetaData<int>(metaData, "PatientIndex", this->m_HeaderData.m_PatientIndex);
   ExposeMetaData<int>(metaData, "ScannerID", this->m_HeaderData.m_ScannerID);
 
   if (ExposeMetaData<std::string>(metaData, "CreationDate", stringMeta))
   {
-    strncpy(this->m_HeaderData.m_CreationDate, stringMeta.c_str(), 32);
+    std::snprintf(
+      this->m_HeaderData.m_CreationDate, sizeof(this->m_HeaderData.m_CreationDate), "%s", stringMeta.c_str());
   }
   if (ExposeMetaData<std::string>(metaData, "ModificationDate", stringMeta))
   {
-    strncpy(this->m_HeaderData.m_ModificationDate, stringMeta.c_str(), 32);
+    std::snprintf(this->m_HeaderData.m_ModificationDate,
+                  sizeof(this->m_HeaderData.m_ModificationDate),
+                  "%s",
+                  stringMeta.c_str());
   }
 
   ExposeMetaData<double>(metaData, "SliceThickness", this->m_HeaderData.m_SliceThickness);
@@ -399,11 +405,13 @@ ScancoImageIO::SetHeaderFromMetaDataDictionary()
   ExposeMetaData<int>(metaData, "RescaleType", this->m_HeaderData.m_RescaleType);
   if (ExposeMetaData<std::string>(metaData, "RescaleUnits", stringMeta))
   {
-    strncpy(this->m_HeaderData.m_RescaleUnits, stringMeta.c_str(), 18);
+    std::snprintf(
+      this->m_HeaderData.m_RescaleUnits, sizeof(this->m_HeaderData.m_RescaleUnits), "%s", stringMeta.c_str());
   }
   if (ExposeMetaData<std::string>(metaData, "CalibrationData", stringMeta))
   {
-    strncpy(this->m_HeaderData.m_CalibrationData, stringMeta.c_str(), 66);
+    std::snprintf(
+      this->m_HeaderData.m_CalibrationData, sizeof(this->m_HeaderData.m_CalibrationData), "%s", stringMeta.c_str());
   }
 
   ExposeMetaData<double>(metaData, "RescaleSlope", this->m_HeaderData.m_RescaleSlope);

Original file line number	Diff line number	Diff line change
`@@ -55,6 +55,7 @@`
`55`	`55`	`#include "IOScancoExport.h"`
`56`	`56`
`57`	`57`
	`58`	`+#include <cstdio>`
`58`	`59`	`#include <fstream>`
`59`	`60`	`#include "itkImageIOBase.h"`
`60`	`61`	`#include "itkScancoDataManipulation.h"`
`@@ -167,7 +168,7 @@ class IOScanco_EXPORT ScancoImageIO : public ImageIOBase`
`167`	`168`	`void`
`168`	`169`	`SetVersion(const char * version)`
`169`	`170`	`{`
`170`		`- strncpy(this->m_HeaderData.m_Version, version, 18);`
	`171`	`+ std::snprintf(this->m_HeaderData.m_Version, sizeof(this->m_HeaderData.m_Version), "%s", version);`
`171`	`172`	`this->Modified();`
`172`	`173`	`}`
`173`	`174`
`@@ -179,7 +180,8 @@ class IOScanco_EXPORT ScancoImageIO : public ImageIOBase`
`179`	`180`	`void`
`180`	`181`	`SetCalibrationData(const char * calibrationData)`
`181`	`182`	`{`
`182`		`- strncpy(this->m_HeaderData.m_CalibrationData, calibrationData, 66);`
	`183`	`+ std::snprintf(`
	`184`	`+ this->m_HeaderData.m_CalibrationData, sizeof(this->m_HeaderData.m_CalibrationData), "%s", calibrationData);`
`183`	`185`	`this->Modified();`
`184`	`186`	`}`
`185`	`187`
`@@ -191,7 +193,8 @@ class IOScanco_EXPORT ScancoImageIO : public ImageIOBase`
`191`	`193`	`void`
`192`	`194`	`SetRescaleUnits(const char * rescaleUnits)`
`193`	`195`	`{`
`194`		`- strncpy(this->m_HeaderData.m_RescaleUnits, rescaleUnits, 18);`
	`196`	`+ std::snprintf(`
	`197`	`+ this->m_HeaderData.m_RescaleUnits, sizeof(this->m_HeaderData.m_RescaleUnits), "%s", rescaleUnits);`
`195`	`198`	`this->Modified();`
`196`	`199`	`}`
`197`	`200`
`@@ -284,7 +287,7 @@ class IOScanco_EXPORT ScancoImageIO : public ImageIOBase`
`284`	`287`	`void`
`285`	`288`	`SetPatientName(const char * patientName)`
`286`	`289`	`{`
`287`		`- strncpy(this->m_HeaderData.m_PatientName, patientName, 42);`
	`290`	`+ std::snprintf(this->m_HeaderData.m_PatientName, sizeof(this->m_HeaderData.m_PatientName), "%s", patientName);`
`288`	`291`	`this->Modified();`
`289`	`292`	`}`
`290`	`293`
`@@ -296,7 +299,8 @@ class IOScanco_EXPORT ScancoImageIO : public ImageIOBase`
`296`	`299`	`void`
`297`	`300`	`SetCreationDate(const char * creationDate)`
`298`	`301`	`{`
`299`		`- strncpy(this->m_HeaderData.m_CreationDate, creationDate, 32);`
	`302`	`+ std::snprintf(`
	`303`	`+ this->m_HeaderData.m_CreationDate, sizeof(this->m_HeaderData.m_CreationDate), "%s", creationDate);`
`300`	`304`	`this->Modified();`
`301`	`305`	`}`
`302`	`306`
`@@ -308,7 +312,10 @@ class IOScanco_EXPORT ScancoImageIO : public ImageIOBase`
`308`	`312`	`void`
`309`	`313`	`SetModificationDate(const char * modificationDate)`
`310`	`314`	`{`
`311`		`- strncpy(this->m_HeaderData.m_ModificationDate, modificationDate, 32);`
	`315`	`+ std::snprintf(this->m_HeaderData.m_ModificationDate,`
	`316`	`+ sizeof(this->m_HeaderData.m_ModificationDate),`
	`317`	`+ "%s",`
	`318`	`+ modificationDate);`
`312`	`319`	`this->Modified();`
`313`	`320`	`}`
`314`	`321`
Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,7 @@`
`42`	`42`	`#include "itkISQHeaderIO.h"`
`43`	`43`
`44`	`44`	`#include <algorithm>`
	`45`	`+#include <cstdio>`
`45`	`46`	`#include <ctime>`
`46`	`47`	`#include <filesystem>`
`47`	`48`
`@@ -354,23 +355,28 @@ ScancoImageIO::SetHeaderFromMetaDataDictionary()`
`354`	`355`	`std::string stringMeta;`
`355`	`356`	`if (ExposeMetaData<std::string>(metaData, "Version", stringMeta))`
`356`	`357`	`{`
`357`		`- strncpy(this->m_HeaderData.m_Version, stringMeta.c_str(), 18);`
	`358`	`+ std::snprintf(this->m_HeaderData.m_Version, sizeof(this->m_HeaderData.m_Version), "%s", stringMeta.c_str());`
`358`	`359`	`}`
`359`	`360`	`if (ExposeMetaData<std::string>(metaData, "PatientName", stringMeta))`
`360`	`361`	`{`
`361`		`- strncpy(this->m_HeaderData.m_PatientName, stringMeta.c_str(), 42);`
	`362`	`+ std::snprintf(`
	`363`	`+ this->m_HeaderData.m_PatientName, sizeof(this->m_HeaderData.m_PatientName), "%s", stringMeta.c_str());`
`362`	`364`	`}`
`363`	`365`
`364`	`366`	`ExposeMetaData<int>(metaData, "PatientIndex", this->m_HeaderData.m_PatientIndex);`
`365`	`367`	`ExposeMetaData<int>(metaData, "ScannerID", this->m_HeaderData.m_ScannerID);`
`366`	`368`
`367`	`369`	`if (ExposeMetaData<std::string>(metaData, "CreationDate", stringMeta))`
`368`	`370`	`{`
`369`		`- strncpy(this->m_HeaderData.m_CreationDate, stringMeta.c_str(), 32);`
	`371`	`+ std::snprintf(`
	`372`	`+ this->m_HeaderData.m_CreationDate, sizeof(this->m_HeaderData.m_CreationDate), "%s", stringMeta.c_str());`
`370`	`373`	`}`
`371`	`374`	`if (ExposeMetaData<std::string>(metaData, "ModificationDate", stringMeta))`
`372`	`375`	`{`
`373`		`- strncpy(this->m_HeaderData.m_ModificationDate, stringMeta.c_str(), 32);`
	`376`	`+ std::snprintf(this->m_HeaderData.m_ModificationDate,`
	`377`	`+ sizeof(this->m_HeaderData.m_ModificationDate),`
	`378`	`+ "%s",`
	`379`	`+ stringMeta.c_str());`
`374`	`380`	`}`
`375`	`381`
`376`	`382`	`ExposeMetaData<double>(metaData, "SliceThickness", this->m_HeaderData.m_SliceThickness);`
`@@ -399,11 +405,13 @@ ScancoImageIO::SetHeaderFromMetaDataDictionary()`
`399`	`405`	`ExposeMetaData<int>(metaData, "RescaleType", this->m_HeaderData.m_RescaleType);`
`400`	`406`	`if (ExposeMetaData<std::string>(metaData, "RescaleUnits", stringMeta))`
`401`	`407`	`{`
`402`		`- strncpy(this->m_HeaderData.m_RescaleUnits, stringMeta.c_str(), 18);`
	`408`	`+ std::snprintf(`
	`409`	`+ this->m_HeaderData.m_RescaleUnits, sizeof(this->m_HeaderData.m_RescaleUnits), "%s", stringMeta.c_str());`
`403`	`410`	`}`
`404`	`411`	`if (ExposeMetaData<std::string>(metaData, "CalibrationData", stringMeta))`
`405`	`412`	`{`
`406`		`- strncpy(this->m_HeaderData.m_CalibrationData, stringMeta.c_str(), 66);`
	`413`	`+ std::snprintf(`
	`414`	`+ this->m_HeaderData.m_CalibrationData, sizeof(this->m_HeaderData.m_CalibrationData), "%s", stringMeta.c_str());`
`407`	`415`	`}`
`408`	`416`
`409`	`417`	`ExposeMetaData<double>(metaData, "RescaleSlope", this->m_HeaderData.m_RescaleSlope);`