This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: strtok behaviour when uninitialized

From: Florian Weimer <fweimer at redhat dot com>
To: Zack Weinberg <zackw at panix dot com>
Cc: GNU C Library <libc-alpha at sourceware dot org>
Date: Sun, 11 Feb 2018 22:05:51 +0100
Subject: Re: strtok behaviour when uninitialized
Authentication-results: sourceware.org; auth=none
References: <20180211181954.l5qkzway7zkd3345@salil> <878tbzwetl.fsf@linux-m68k.org> <20180211185345.jqcfijuchzkowkcx@salil> <1518376085.12525.187.camel@sempati.menos4> <CAKCAbMiqEo+3YZJeyKKCQgJPvL4cWcLo32V7J5sOmqyUw8qj0Q@mail.gmail.com>

On 02/11/2018 08:32 PM, Zack Weinberg wrote:

With my security hat on, I would like glibc to define as many cases of
undefined behavior as possible -- as prompt, guaranteed crashes.
Defining the behavior as anything else leads to people relying on
whatever the definition is, but leaving it as "whatever the code
happens to do"_also_  leads to people relying on the actual behavior,
plus it leaves room for exploits.

But in the case of strtok, the more relevant undefined behavior is thatit's not thread-safe. There's a fairly large number of libraries whichreference both pthread_create and strtok, which is rather sad.


Thanks,
Florian

Follow-Ups:
- Re: strtok behaviour when uninitialized
  - From: Zack Weinberg

References:
- strtok behaviour when uninitialized
  - From: Salil Kapur
- Re: strtok behaviour when uninitialized
  - From: Andreas Schwab
- Re: strtok behaviour when uninitialized
  - From: Salil Kapur
- Re: strtok behaviour when uninitialized
  - From: Javier Serrano Polo
- Re: strtok behaviour when uninitialized
  - From: Zack Weinberg

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]