This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] string: Add tests for zero length string inputs
- From: Andreas Schwab <schwab at suse dot de>
- To: Richard Earnshaw <rearnsha at arm dot com>
- Cc: Paul Eggert <eggert at cs dot ucla dot edu>, Will Newton <will dot newton at linaro dot org>, Ondřej Bílka <neleai at seznam dot cz>, libc-alpha <libc-alpha at sourceware dot org>
- Date: Tue, 23 Sep 2014 15:22:05 +0200
- Subject: Re: [PATCH] string: Add tests for zero length string inputs
- Authentication-results: sourceware.org; auth=none
- References: <1410910830-20900-1-git-send-email-will dot newton at linaro dot org> <20140919112302 dot GA2912 at domone> <CANu=Dmgn75GZU8my6fcCp1AyJRw8jEJVhaGTD+5mjOrXB_ENGw at mail dot gmail dot com> <542049A4 dot 1070409 at arm dot com> <54206104 dot 7020607 at cs dot ucla dot edu> <54216D4B dot 30505 at arm dot com>
Richard Earnshaw <rearnsha@arm.com> writes:
> On 22/09/14 18:48, Paul Eggert wrote:
>> On 09/22/2014 09:09 AM, Richard Earnshaw wrote:
>>> Valid pointers is more than just non-NULL. In particular, it implies
>>> that it is safe to dereference the addressed byte in a source operand even
>>> when the length parameter is zero.
>>
>> I just reread C99 7.1.4 clause 1 and 7.21.2 clause 2, and I don't see
>> that implication. For example, the following program appears to be
>> strictly conforming:
>>
>> #include <string.h>
>>
>> char src[1];
>> char dst[1];
>>
>> int
>> main (void)
>> {
>>   memcpy (dst, src + 1, 0);
>>   return 0;
>> }
>>
>> Here, src + 1 is a valid pointer even though one cannot safely
>> dereference it. So it appears to be reasonable to check that memcpy
>> doesn't dereference the source when the size is zero.
>>
>
> Read clause 1 of 7.1.4 again. "If an argument to a function has an
> invalid value ... or a pointer outside of the address space of the
> program... the behaviour is undefined."
>
> Ergo, if src+1 can point outside of the address space of the program,
> it's undefined behaviour.

src+1 is _not_ outside of the address space. It is a valid pointer
(which you must not dereference).

Andreas.
--
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
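
The check debated in this thread, that a zero-length memcpy whose source is a one-past-the-end pointer must not read through it, can be exercised by placing the end of the source object directly against an inaccessible page. This is an added example, not code from the thread or from glibc's test suite; `probe_copy` and `copy_fn` are hypothetical names, and a POSIX system with `mmap`, `mprotect` and `fork` is assumed.

```c
#define _DEFAULT_SOURCE 1
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Call through a volatile pointer so the compiler cannot fold the
   zero-length call away and the library routine really runs.  */
static void *(*volatile copy_fn) (void *, const void *, size_t) = memcpy;

/* Copy LEN bytes (LEN <= 16) from a source that starts BEFORE_GUARD bytes
   before an inaccessible page.  Returns 0 if the copy completed, the
   signal number if it faulted, -1 if the harness itself failed.  */
int
probe_copy (size_t before_guard, size_t len)
{
  long page = sysconf (_SC_PAGESIZE);
  char *map = mmap (NULL, 2 * page, PROT_READ | PROT_WRITE,
                    MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  if (map == MAP_FAILED)
    return -1;
  char *guard = map + page;     /* one past the end of the readable object */
  char dst[16];
  int status = 0, result = -1;
  pid_t pid = mprotect (guard, page, PROT_NONE) == 0 ? fork () : -1;
  if (pid == 0)
    {
      /* Child: a read from the guard page kills it with a signal.  */
      copy_fn (dst, guard - before_guard, len);
      _exit (0);
    }
  if (pid > 0 && waitpid (pid, &status, 0) == pid)
    result = WIFSIGNALED (status) ? WTERMSIG (status)
             : (WIFEXITED (status) && WEXITSTATUS (status) == 0) ? 0 : -1;
  munmap (map, 2 * page);
  return result;
}

int
main (void)
{
  /* src + 1 with n == 0, as in the quoted program: must not fault.  */
  if (probe_copy (0, 0) != 0)
    return 1;
  /* Control: a one-byte read from the guard page must be detected.  */
  return probe_copy (0, 1) > 0 ? 0 : 1;
}
```

The control call shows that the harness does catch a read past the object, so a clean result for the zero-length case is meaningful rather than vacuous.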
"And now for something completely different."