This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH 1/3] posix: Remove dynamic memory allocation from execl{e,p}
- From: Zack Weinberg <zackw at panix dot com>
- To: Adhemerval Zanella <adhemerval dot zanella at linaro dot org>
- Cc: Paul Eggert <eggert at cs dot ucla dot edu>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Thu, 25 Feb 2016 09:41:10 -0500
- Subject: Re: [PATCH 1/3] posix: Remove dynamic memory allocation from execl{e,p}
- References: <1456146172-12850-1-git-send-email-adhemerval dot zanella at linaro dot org> <1456146172-12850-2-git-send-email-adhemerval dot zanella at linaro dot org> <56CEACFF dot 7010805 at cs dot ucla dot edu> <56CEFD53 dot 4040001 at linaro dot org>
On Thu, Feb 25, 2016 at 8:10 AM, Adhemerval Zanella
<adhemerval.zanella@linaro.org> wrote:
> On 25-02-2016 04:27, Paul Eggert wrote:
>>
>> With my "no arbitrary limits" hat on, I noticed that this has
>> undefined behavior if more than INT_MAX arguments are passed to execl.
>
> AFAIK the C standard defines the main entrypoint argc as signed int, so
> I think it is indeed undefined behaviour if you intend to call a program
> with more than INT_MAX arguments.
The C standard does indeed define main's first argument as signed int,
but I don't think that's a sufficient reason to allow exec* to exhibit
UB for too many arguments. POSIX does *not* call this case out as UB.
I think detecting this situation and failing with errno==E2BIG would
be appropriate. E2BIG is already specified as the error code for
exceeding ARG_MAX bytes of argument list + environment.
zw
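Below is an added illustration of the behaviour Zack proposes, written for this archive page and not taken from glibc or from the patch under discussion. It shows an execl(3)-style wrapper that builds argv on the stack (no malloc) and counts the variadic arguments against an explicit bound; when the count would not fit in an int it fails with errno set to E2BIG instead of silently overflowing. The names count_args_bounded, count_varargs and execl_checked are hypothetical, and the bound is a parameter so the E2BIG path can be exercised with a handful of arguments rather than INT_MAX of them.

```c
#include <errno.h>
#include <limits.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

extern char **environ;

/* Count ARG0 plus the NULL-terminated (const char *) arguments in AP.
 * Returns the count, or -1 with errno == E2BIG if it would exceed LIMIT.
 * The real caller passes INT_MAX so that argc always fits main's int.
 * Hypothetical helper for illustration; this is not glibc's code. */
static int count_args_bounded(const char *arg0, va_list ap, size_t limit)
{
    if (limit > INT_MAX)
        limit = INT_MAX;            /* never return something int cannot hold */

    size_t n = 0;
    if (arg0 != NULL) {
        n = 1;
        while (va_arg(ap, const char *) != NULL) {
            if (n >= limit) {       /* one more argument would break the bound */
                errno = E2BIG;
                return -1;
            }
            n++;
        }
    }
    return (int) n;
}

/* Variadic front end used to exercise the bound with a few arguments. */
static int count_varargs(size_t limit, const char *arg0, ...)
{
    va_list ap;
    va_start(ap, arg0);
    int n = count_args_bounded(arg0, ap, limit);
    va_end(ap);
    return n;
}

/* execl(3) lookalike: argv lives on the stack, so there is no ENOMEM path,
 * and an argument count that would not fit in int fails with E2BIG, the
 * same errno the kernel reports when argv+envp exceed ARG_MAX bytes. */
static int execl_checked(const char *path, const char *arg0, ...)
{
    va_list ap;
    va_start(ap, arg0);
    int argc = count_args_bounded(arg0, ap, INT_MAX);
    va_end(ap);
    if (argc < 0)
        return -1;                  /* errno already set to E2BIG */

    /* The kernel's ARG_MAX keeps real argument lists far below INT_MAX,
     * so this VLA stays small; an absurd count was rejected above. */
    char *argv[argc + 1];
    va_start(ap, arg0);
    if (argc > 0) {
        argv[0] = (char *) arg0;
        for (int i = 1; i < argc; i++)
            argv[i] = va_arg(ap, char *);
    }
    argv[argc] = NULL;
    va_end(ap);

    return execve(path, argv, environ);
}

int main(void)
{
    /* Constructed input: a bound of 1 makes a two-argument list "too many". */
    if (count_varargs(1, "prog", "extra", (char *) NULL) < 0 && errno == E2BIG)
        puts("argument count over the bound: E2BIG");

    execl_checked("/bin/echo", "echo", "hello from execl_checked", (char *) NULL);
    perror("execl_checked");        /* only reached if the exec failed */
    return 1;
}
```

The wrapper deliberately does not widen argc beyond int: a program started with more than INT_MAX arguments could not observe its argc correctly anyway, so refusing at exec time with the documented error is the only option that is both conforming and diagnosable.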