This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [patch] Error on setenv(..., NULL, ...)

From: Mike Frysinger <vapier at gentoo dot org>
To: Rich Felker <dalias at libc dot org>
Cc: Siddhesh Poyarekar <siddhesh at redhat dot com>, Szabolcs Nagy <szabolcs dot nagy at arm dot com>, Paul Pluzhnikov <ppluzhnikov at google dot com>, GLIBC Devel <libc-alpha at sourceware dot org>
Date: Wed, 11 Mar 2015 18:22:31 -0400
Subject: Re: [patch] Error on setenv(..., NULL, ...)
Authentication-results: sourceware.org; auth=none
References: <CALoOobNSbWUkd_i-L6U0ovbqPYnJY-h=ftX1K61yb19pmJj6aw at mail dot gmail dot com> <20150311163327 dot GV9714 at spoyarek dot pnq dot redhat dot com> <55006F71 dot 6000807 at arm dot com> <20150311164415 dot GW9714 at spoyarek dot pnq dot redhat dot com> <20150311172546 dot GA877 at vapier> <20150311184216 dot GF23507 at brightrain dot aerifal dot cx> <20150311192355 dot GB877 at vapier> <20150311220237 dot GG23507 at brightrain dot aerifal dot cx>

On 11 Mar 2015 18:02, Rich Felker wrote:
> On Wed, Mar 11, 2015 at 03:23:55PM -0400, Mike Frysinger wrote:
> > On 11 Mar 2015 14:42, Rich Felker wrote:
> > > On Wed, Mar 11, 2015 at 01:25:46PM -0400, Mike Frysinger wrote:
> > > > On 11 Mar 2015 22:14, Siddhesh Poyarekar wrote:
> > > > > On Wed, Mar 11, 2015 at 04:38:09PM +0000, Szabolcs Nagy wrote:
> > > > > > no, this just says that NULL argument is undefined behaviour
> > > > > > 
> > > > > > this is not a bug in glibc and i don't think any change should be made
> > > > > 
> > > > > Fair enough, but if we ever decide to protect ourselves against such
> > > > > bad access, I'd be in favour of something more conservative like
> > > > > returning a blank string than returning an error.
> > > > 
> > > > if we agree it's undefined behavior, then can't we have fortification turn this 
> > > > into a build failure ?
> > > 
> > > Not a build failure but a runtime trap. UB can't be caught at build
> > > time because it's only forbidden if the statement that results in UB
> > > is reached, and reachability is equivalent to the halting problem.
> > 
> > i don't think that nuance matters to fortification.  what i'm talking about 
> > is when gcc proves a NULL is used.  it already has a nonull warning so it can 
> > detect this.
> 
> But it can't prove the code is reached. For example:
> 
> 	static volatile size_t foo = sizeof(long);
> 	if (foo == 8) {
> 		setenv(p, q, 0);
> 	}
> 
> Suppose here that p or q necessarily ends up being a null pointer on
> 32-bit archs. The code is not reachable, so it doesn't matter, but
> because foo is volatile the compiler can't prove it's not reachable.
> 
> This is a stupid example using volatile to make the point, but there
> are lots of other ways things like this can happen, especially with
> non-trivial use of macros and inline functions where ipa might happen
> to prove that a pointer is NULL but fail to prove that the relevant
> code is unreachable.

again, i don't think reachable matters.  why do we care about trying to let bad 
code compile ?  if we let fortification make it a build-time assert, what valid 
code that we care about is broken ?
-mike

Attachment: signature.asc
Description: Digital signature

Follow-Ups:
- Re: [patch] Error on setenv(..., NULL, ...)
  - From: Rich Felker

References:
- [patch] Error on setenv(..., NULL, ...)
  - From: Paul Pluzhnikov
- Re: [patch] Error on setenv(..., NULL, ...)
  - From: Siddhesh Poyarekar
- Re: [patch] Error on setenv(..., NULL, ...)
  - From: Szabolcs Nagy
- Re: [patch] Error on setenv(..., NULL, ...)
  - From: Siddhesh Poyarekar
- Re: [patch] Error on setenv(..., NULL, ...)
  - From: Mike Frysinger
- Re: [patch] Error on setenv(..., NULL, ...)
  - From: Rich Felker
- Re: [patch] Error on setenv(..., NULL, ...)
  - From: Mike Frysinger
- Re: [patch] Error on setenv(..., NULL, ...)
  - From: Rich Felker

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]