Re: Implement C11 annex K?

[Russ Allbery <eagle at eyrie dot org>]

"Joseph S. Myers" <joseph@codesourcery.com> writes:
> On Wed, 13 Aug 2014, Russ Allbery wrote:

>> If the answer is "use strcpy and strcat because this code is provably
>> correct with them," I guess I understand your position, but if I somehow

> stpcpy is better than strcpy and strcat here; repeated strcat, or strlcat 
> as in your code, has quadratic overhead repeatedly looking for the end of 
> the string being built up, whereas stpcpy returns the end pointer for use 
> in the next stpcpy call.

Arguably, yes, but the code is not performance-critical, and I find the
stpcpy code (slightly) harder to read, possibly just because it's less
familiar.  No one is ever going to notice that quadratic factor here.
Either way, though, I would prefer the belt and suspenders of the
additional check on the length calculation logic.

>> messed up the length calculation logic, I would prefer to truncate the

> It's not obvious what a safer version of the stpcpy code would look
> like, and the length calculation logic fails to allow for the sum of the
> lengths exceeding SIZE_MAX (e.g. from a long separator, or from several
> pointers to the same long string in the vector) (so resulting in buffer
> overflows from any version that doesn't check each write fits in the
> remaining space).  (This size calculation as written could feasibly
> overflow even on a 64-bit system; many such overflows are only realistic
> on 32-bit systems.)

Yes, thank you, that's a good point.  I need to fix that.  But I think
that's orthogonal to the strlcpy vs. strcpy/stpcpy debate here.  One has
to do the size calculation in roughly the same way with either approach,
and the overflow check applies to either approach, I believe.

-- 
Russ Allbery (eagle@eyrie.org)              <http://www.eyrie.org/~eagle/>