This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] Implement strlcat [BZ#178]
- From: Florian Weimer <fweimer at redhat dot com>
- To: Paul Eggert <eggert at cs dot ucla dot edu>
- Cc: Zack Weinberg <zackw at panix dot com>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Thu, 10 Dec 2015 20:38:23 +0100
- Subject: Re: [PATCH] Implement strlcat [BZ#178]
- Authentication-results: sourceware.org; auth=none
- References: <56547472 dot 3010302 at redhat dot com> <5654B1FE dot 5020100 at cs dot ucla dot edu> <5654B796 dot 7070302 at redhat dot com> <5656E018 dot 5020608 at cs dot ucla dot edu> <565F211A dot 2030909 at redhat dot com> <56607CD1 dot 3050209 at cs dot ucla dot edu> <CAKCAbMgDMK9wjfNEJYW7e-cN9s5aVhun6V08OXrcOgYKRYF7_g at mail dot gmail dot com> <5660825E dot 9020901 at cs dot ucla dot edu> <CAKCAbMi2zSJRjS=ceg8UvTYY18UrCWysaOFX+OzvKZQfeR9+SA at mail dot gmail dot com> <5660C545 dot 1090805 at cs dot ucla dot edu> <5661A123 dot 9050408 at panix dot com> <5661BD09 dot 5020408 at cs dot ucla dot edu> <5665905E dot 1020608 at panix dot com> <5665F492 dot 2080307 at cs dot ucla dot edu>
On 12/07/2015 10:05 PM, Paul Eggert wrote:
> On 12/07/2015 05:57 AM, Zack Weinberg wrote:
>> I will continue to insist on _exactly_
>> matching the OpenBSD semantics or else not having these functions at all.
>
> (I agree, as I think glibc shouldn't have these functions at all. That
> being said...)
>
> If I understand the above comment correctly, you have at least three
> reasons to object to the proposed strlcpy+strlcat implementation.
>
> First, it rejects null pointer arguments.
Yes, I'm going to fix that.
> Second, when arguments overlap it doesn't necessarily have the same
> behavior as the OpenBSD implementation. For example, the OpenBSD strlcpy
> implementation always has well-defined behavior when source and
> destination overlap, but the proposed implementation does not.
The OpenBSD implementation is defined to be undefined with overlapping
inputs, too.
> Third, the OpenBSD implementation declares strlcpy and strlcat to have
> __attribute__ ((__bounded__ ...)), an OpenBSD extension that generates
> warnings when compiling with gcc -Wbounded (an OpenBSD GCC option that
> is on by default). The proposed implementation doesn't do that so it by
> default does not diagnose bugs that the OpenBSD implementation does
> diagnose.
Doesn't the _FORTIFY_SOURCE wrapper do something similar?
>> When there is no space to write a nul-terminated string into, there is
>> no such expectation.
>
> Sometimes there *is* space; that is, the destination size is nonzero,
> but the proposed strlcat *still* doesn't store a terminating null.
> Doesn't this give you qualms? It does me.
Yes, it's annoying, particularly since it is inconsistent with strlcpy
and snprintf. I'm not sure if we can change that, I'll ask.
Florian
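As an added illustration of the semantics under discussion (not code from the thread, glibc or OpenBSD), here is a C implementation with OpenBSD-style strlcpy/strlcat behaviour plus a check of the case Paul raises: a nonzero dsize where strlcat still stores no terminator because dst is not NUL-terminated within dsize. The names my_strlcpy, my_strlcat and demo_unterminated_dst are chosen here, and the buffer contents are constructed.

```c
#include <stddef.h>
#include <string.h>

/* strlcpy: copy at most dsize-1 bytes and, whenever dsize > 0, always
   store a terminating NUL (like snprintf). Returns strlen(src), so the
   caller detects truncation with: if (ret >= dsize). Overlapping
   buffers are undefined, as in OpenBSD. */
size_t my_strlcpy(char *dst, const char *src, size_t dsize)
{
    size_t srclen = strlen(src);
    if (dsize != 0) {
        size_t n = srclen < dsize - 1 ? srclen : dsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* strlcat: append src to dst, terminating when there is room, and
   return the length it tried to create (truncation if >= dsize).
   The edge case from the thread: if dst has no NUL within dsize bytes,
   nothing is written, not even a terminator, even though dsize is
   nonzero; the return value dsize + strlen(src) still reports it. */
size_t my_strlcat(char *dst, const char *src, size_t dsize)
{
    size_t dstlen = 0;
    while (dstlen < dsize && dst[dstlen] != '\0')   /* bounded strlen */
        dstlen++;
    if (dstlen == dsize)
        return dsize + strlen(src);                 /* dst left untouched */
    return dstlen + my_strlcpy(dst + dstlen, src, dsize - dstlen);
}

/* Returns 1 if strlcat left an unterminated dst untouched and
   reported truncation, 0 otherwise. */
int demo_unterminated_dst(void)
{
    char buf[4] = { 'a', 'b', 'c', 'd' };  /* constructed: no NUL in 4 bytes */
    size_t r = my_strlcat(buf, "xyz", sizeof buf);
    return r == sizeof buf + 3 && r >= sizeof buf && memcmp(buf, "abcd", 4) == 0;
}

/* Returns 1 if a normal truncating append still NUL-terminates within
   dsize and reports the length it wanted ("ab" + "cdef" = 6). */
int demo_truncated_append(void)
{
    char buf[4] = "ab";                    /* constructed, terminated */
    size_t r = my_strlcat(buf, "cdef", sizeof buf);
    return r == 6 && buf[3] == '\0' && strcmp(buf, "abc") == 0;
}
```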