This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug string/19391] strnlen invokes UB by adding maxlen to str


https://sourceware.org/bugzilla/show_bug.cgi?id=19391

--- Comment #2 from Pascal Cuoq <pascal_cuoq at hotmail dot com> ---
Florian,

my interpretation of the standards is that in all the strn* functions, as well
as memchr (as an explicit exception among the mem* functions), the size
argument limits the number of characters read but is allowed to be arbitrarily
larger than the number of characters that would be valid to read (if reading
stops because '\0' or the searched character is found).

In other words, yes, I think that strnlen (p, -1) should not invoke UB and be
equivalent to strlen (p).

In other words, this report is part of the same wave as
https://sourceware.org/bugzilla/show_bug.cgi?id=19390 and
https://sourceware.org/bugzilla/show_bug.cgi?id=19387 , except that those
describe concrete problems in assembly versions whereas this one is a
theoretical problem in the C version.

FWIW, the idea of looking at very large size arguments for standard functions
started with memchr, for which they are very explicitly allowed in POSIX and
C11, and it was this remark of Jed Davis that incited me to look at the strn*
functions:

https://twitter.com/xlerb/status/678963983756333056

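The point of the report above, as an added C example that is not part of the original message and is not glibc's source: forming `str + maxlen` up front is what the bug title describes, while a counting loop gives strnlen (p, -1) the same result as strlen (p). The function names `strnlen_endptr` and `strnlen_counting` and the sample string are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Pattern named in the bug title (a sketch, not glibc's source): the end
 * pointer is formed before anything is read.  Pointer arithmetic is only
 * defined up to one past the end of the object, so this is undefined
 * behaviour whenever maxlen exceeds the space remaining after str, even
 * if a '\0' would have stopped the scan long before. */
size_t strnlen_endptr(const char *str, size_t maxlen)
{
    const char *end = str + maxlen;   /* UB for oversized maxlen */
    const char *p = str;
    while (p < end && *p != '\0')
        p++;
    return (size_t)(p - str);
}

/* Counting form: maxlen is only ever compared with an index, and the
 * index never passes the terminator, so no out-of-bounds pointer is
 * formed for any maxlen, including (size_t)-1. */
size_t strnlen_counting(const char *str, size_t maxlen)
{
    size_t n = 0;
    while (n < maxlen && str[n] != '\0')
        n++;
    return n;
}

int main(void)
{
    const char *s = "glibc";          /* constructed sample input */
    /* Oversized bound: behaves like strlen. */
    printf("%zu %zu\n", strnlen_counting(s, (size_t)-1), strlen(s));
    /* Bound smaller than the string: the bound wins. */
    printf("%zu\n", strnlen_counting(s, 3));
    /* The end-pointer form is only called with an in-bounds maxlen here. */
    printf("%zu\n", strnlen_endptr(s, 3));
    return 0;
}
```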
