This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: asprintf() issue

From: Florian Weimer <fweimer at redhat dot com>
To: "Carlos O'Donell" <carlos at redhat dot com>, Joseph Myers <joseph at codesourcery dot com>
Cc: Archie Cobbs <archie dot cobbs at gmail dot com>, libc-alpha at sourceware dot org, Michael Kerrisk-manpages <mtk dot manpages at gmail dot com>
Date: Wed, 20 May 2015 08:29:59 +0200
Subject: Re: asprintf() issue
Authentication-results: sourceware.org; auth=none
References: <CANSoFxt-cdc-+C4u-rTENMtY4X9RpRSuv+axDswSPxbDgag8_Q at mail dot gmail dot com> <55520F8F dot 9020308 at redhat dot com> <CANSoFxvac6_uBgwzWm5q6U+GcWzzKtDtDP0BVvE4eL08zXHs5Q at mail dot gmail dot com> <5552183C dot 2070809 at redhat dot com> <CANSoFxv7uO2Niq+wVKsC9xoDYuNgqHFxJnLrkgNqfKpFwzde=Q at mail dot gmail dot com> <alpine dot DEB dot 2 dot 10 dot 1505131601320 dot 30846 at digraph dot polyomino dot org dot uk> <555385F4 dot 5000409 at redhat dot com> <alpine dot DEB dot 2 dot 10 dot 1505131722190 dot 30846 at digraph dot polyomino dot org dot uk> <555432DE dot 1020608 at redhat dot com> <5559C31D dot 5070400 at redhat dot com> <555C0DDF dot 1090408 at redhat dot com>

On 05/20/2015 06:30 AM, Carlos O'Donell wrote:

>> I don't think this is worth the cost.  (Even such little changes add up
>> and eventually impact linking time and code size.)  It does not even fix
>> a bug, and application code can easily set *ptr to NULL before calling
>> asprintf, to get uniform behavior across all known implementations (if
>> that simplifies application code).
> 
> I disagree that the compat symbol is not worth the cost.
> 
> Such a change stands to break binaries that were previously working, and in 
> glibc we stand by our community commitment not to break user code.

Sorry, I've now realized what I wrote was unclear.  I meant that if we
make such a minor change (without clear improvement for developers, in
my opinion), and it needs a compat symbol (which is the case here, I
agree), then making the change may not be worth it.

> I think we should do the following:
> 
> (a) Rewrite the man page to say we set the pointer to NULL on error.
>     Document that this behaviour changed in glibc 2.22.
> 
> (b) Add a versioned function to support old binaries, and have the 
>     new implementation set the pointer to NULL on error.
> 
> Then we're done and move on to the next problem.

If that's the emerging consensus, it's something with which I can agree.

-- 
Florian Weimer / Red Hat Product Security

Follow-Ups:
- Re: asprintf() issue
  - From: Dmitry V. Levin
- Re: asprintf() issue
  - From: Archie Cobbs

References:
- asprintf() issue
  - From: Archie Cobbs
- Re: asprintf() issue
  - From: Florian Weimer
- Re: asprintf() issue
  - From: Archie Cobbs
- Re: asprintf() issue
  - From: Florian Weimer
- Re: asprintf() issue
  - From: Archie Cobbs
- Re: asprintf() issue
  - From: Joseph Myers
- Re: asprintf() issue
  - From: Carlos O'Donell
- Re: asprintf() issue
  - From: Joseph Myers
- Re: asprintf() issue
  - From: Carlos O'Donell
- Re: asprintf() issue
  - From: Florian Weimer
- Re: asprintf() issue
  - From: Carlos O'Donell

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]