Does this usage of strncmp contain an out of bounds read?

Fortify indicates that this is an out of bounds read:

if (strncmp("test string", "less than 32 char", 32) == 0)
{
...
}

It says that the function reads data from outside the bounds of less than 32 char.

Is there really a finding if strncmp goes beyond 32 chars and the second string is less than 32 chars?

Solution

TL;DR - strncmp() will keep comparing the string elements, until either the end of either string or 32 elements (characters), whichever is fewer.

A(ny) string is always null-terminated and upon encountering null-terminator, no further comparison is performed. Your code is safe.

Quoting C11, chapter §7.24.4.4 (emphasis mine)

int strncmp(const char *s1, const char *s2, size_t n);
The strncmp function compares not more than n characters (characters that follow a null character are not compared) from the array pointed to by s1 to the array pointed to by s2.

How to determine the value of socket listen() backlog parameter?
What does #define do in the Compiler?
Deleting selected element in a doubly linked list
Writing to qemu RISCV UART using c
How to store and then print a 2d character/string array horizontally for 5 times?
Fast CRC algorithm?
Assertion —to a function pointer— failed
Learning c, my code runs but doesn't displayed print?
Strange size change in core dump file
Rust's .o file format not recognized by GCC
How to declare a constant "mutable pointer" to an immutable block of memory
Printing all environment variables in C / C++
What is the difference between getch() and getchar()?
Filemanagement in C: Unsuccessful attempt in creating/overwriting a file using fopen
Get pixel color at mouse position fastest way
Valid VISA: 4222222222222 outputted as invalid
Unique Words Counter in C
Confused about casting and order of operations
What is the closest thing Windows has to fork()?
Why No Variable Declarations in Boolean Expressions in C?
Search Algorithm to find the k lowest values in a list (selection algorithm/problem)
What is the need of hh and h format specifiers?
can't load bmp file with SDL_LoadBMP in CodeBlocks
Need help to solve function issue
Understanding how to write cache-friendly code
What does "pointer being freed was not allocated" mean exactly?
How do I make my device available to QEMU
Why is the printf statement for number of pennies printing off when casting the double variable to an int?
FsRtlIsNameInExpression never matches anything
Is it unsafe to use getline() in c to read from stdin?