This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] string: Add tests for zero length string inputs

On 09/23/2014 02:57 PM, Richard Earnshaw wrote:
On 23/09/14 13:41, Florian Weimer wrote:
On 09/22/2014 06:09 PM, Richard Earnshaw wrote:
These tests are not testing null pointers, they are testing that when
given a zero length the functions actually read/write zero bytes.
Whether the specification demands that behaviour is arguable but I
believe that it is the most sane behaviour.

Valid pointers is more than just non-NULL.  In particular, it implies
that is safe to dereference the addressed byte in a source operand even
when the length parameter is zero.

Valid pointers can also point one element past the end of an array of

I don't think such a pointer forms a valid argument for a library
function though.  See my previous reply to Paul.

They are a fairly common occurrence with the [first, last) iterator ranges in C++. It's common to compute a pointer/length pair {first, last - first} and pass that to C functions, including C library functions.

This pattern is already incorrect in important corner cases (e.g., iterators derived from empty vectors), but do we really have to make the situation even worse?

Florian Weimer / Red Hat Product Security

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]