This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Re: [PATCH v8] Implement strlcpy and strlcat [BZ #178]


Alexander Cherepanov wrote:
+  /* The sum cannot wrap around because both strings would be larger
+     than half of the address space, which is not possible due to
+     the restrict qualifier.  */
+  _Static_assert (sizeof (uintptr_t) == sizeof (size_t),
+          "theoretical maximum object size covers address space");
+  return dest_length + src_length;
+}
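Review bot: the justification in the comment above `return dest_length + src_length;` does not hold as written: the two strings need not each exceed half the address space for the sum to wrap (1.5GB and 3GB already suffice with a 32-bit size_t); what actually rules out a wrap is that two non-overlapping objects cannot have a combined size larger than the address space, so the comment should state the flat-address-space assumption explicitly rather than attribute the guarantee to the `restrict` qualifier alone. The `_Static_assert` beneath it only checks that `size_t` is as wide as `uintptr_t`; it does not establish that assumption, so its message "theoretical maximum object size covers address space" promises more than what is verified.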

First, I don't think the last comment is fully accurate -- both strings are not
required to be larger than half of the address space each; 1.5GB and 3GB are
enough for wrapping with 32-bit size_t.

Yes, the comment could be changed to something like this:

  /* The API for this function says behavior is undefined if the source string
     and destination array overlap.  The following sanity check succeeds
     on conventional architectures with flat address spaces, where the sum
     of the two lengths cannot wrap around when there is no overlap.  */

If you permit @var{to} to be non-null-terminated the situation is worse.

Yes, it's one more nail in that particular coffin.
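As an added illustration of the return-value arithmetic discussed in this thread (example code written here, not the glibc patch or anything posted by its participants): a strlcat with BSD semantics whose reported length saturates rather than wrapping, including the case where the destination is not NUL-terminated within the given size. The names `bounded_length`, `example_strlcat_result` and `example_strlcat` are chosen for this example, and saturating to SIZE_MAX is this example's defensive choice, not glibc's behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Bounded scan standing in for strnlen: length of s, or limit if no
   NUL occurs within the first limit bytes.  */
static size_t
bounded_length (const char *s, size_t limit)
{
  size_t n = 0;
  while (n < limit && s[n] != '\0')
    n++;
  return n;
}

/* The value strlcat reports: the length of the string it tried to
   create.  Saturating to SIZE_MAX instead of wrapping is this
   example's defensive choice, so a wrapped sum can never look like a
   small "it fit" result (the caller's test is result >= size).  */
size_t
example_strlcat_result (size_t dest_length, size_t src_length)
{
  if (src_length > SIZE_MAX - dest_length)
    return SIZE_MAX;                     /* the sum would wrap around */
  return dest_length + src_length;
}

/* strlcat with BSD semantics: append src to the string in dest, write
   at most size bytes in total, NUL-terminate whenever size > 0.  If
   dest has no NUL within size bytes, nothing is copied and dest_length
   is taken to be size.  That is the case the thread flags: size is
   caller-supplied, so the sum is no longer bounded by the address
   space the way two non-overlapping strings are.  */
size_t
example_strlcat (char *restrict dest, const char *restrict src, size_t size)
{
  size_t src_length = strlen (src);
  if (size == 0)
    return src_length;                   /* nothing to scan or write */
  size_t dest_length = bounded_length (dest, size);
  if (dest_length < size)
    {
      size_t room = size - dest_length - 1;  /* keep room for the NUL */
      size_t to_copy = src_length < room ? src_length : room;
      memcpy (dest + dest_length, src, to_copy);
      dest[dest_length + to_copy] = '\0';
    }
  return example_strlcat_result (dest_length, src_length);
}
```

A caller detects truncation by comparing the returned length against the buffer size; with the saturating helper, that comparison stays meaningful even when the unterminated-destination case pushes the nominal sum past SIZE_MAX.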
