This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH v7] Implement strlcpy, strlcat [BZ #178]
- From: Alexander Cherepanov <ch3root at openwall dot com>
- To: Paul Eggert <eggert at cs dot ucla dot edu>, Florian Weimer <fweimer at redhat dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>
- Date: Thu, 7 Jan 2016 15:56:31 +0300
- Subject: Re: [PATCH v7] Implement strlcpy, strlcat [BZ #178]
On 2016-01-06 00:05, Paul Eggert wrote:
> On 01/05/2016 11:14 AM, Alexander Cherepanov wrote:
>> Your first reading of POSIX seems quite reasonable to me. And that
>> reading conflicts with C11 so I reported it in
>> http://austingroupbugs.net/view.php?id=1020 .
>
> I was referring to the C11 semantics,

Ok. Then perhaps you are willing to remove the following piece from the
snprintf description: "you should allocate at least @var{size}
characters for the string @var{s}"[1]? (And maybe fix the use of
xmalloc/xrealloc vs. results checks in the example there.)
More generally, the glibc manual describes many functions quite
differently from C11 (e.g., I've filed bugs 19406 and 19407) and it's
not clear what are the plans in this area.
[1] https://sourceware.org/git/?p=glibc.git;a=blob;f=manual/stdio.texi;h=0326f29eaecd6efa20dd397db095f755bffac495;hb=HEAD#l2474

> which POSIX defers to. In looking
> at that bug-report trail, it appears that the semantics of snprintf are
> controversial in this area. And rightly so, since C11 requires
> implementations to not diagnose troublesome application usage such as
> snprintf (buf, SIZE_MAX, ...).

Some call it troublesome, others consider SIZE_MAX a useful
no-truncation-required value permitting to unify various code paths.

>> it boils down to the question which sources are considered
>> authoritative for describing strlcpy/strlcat?
>
> There aren't any. The BSD man pages do not agree, and their
> implementations do not agree. If we add strlcpy/strlcat, we will just
> need to use our best judgment to distinguish valid from buggy uses.

Ok, I see.
--
Alexander Cherepanov
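
The C11 snprintf return-value semantics this message refers to, as an added example that is not part of the original e-mail or of glibc: the helper names format_fixed and format_alloc are hypothetical, and format_fixed assumes the size it is given is the real size of the buffer. It shows truncation detection from the return value and measuring with a zero size before allocating, with every allocation result checked.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Format into a caller-supplied buffer.  Assumption of this example:
   `size` is the number of bytes really allocated for `buf`.
   Returns 0 on success, 1 if the output was truncated, -1 on error. */
int format_fixed(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0)
        return -1;               /* encoding or output error */
    /* C11: n is the length that would have been written, NUL excluded. */
    return (size_t)n >= size;
}

/* Measure first (C11 allows a null buffer when the size is 0), then
   allocate exactly n + 1 bytes.  Returns a malloc'd string or NULL. */
char *format_alloc(const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);            /* a va_list cannot be reused after a call */
    int n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    char *s = n < 0 ? NULL : malloc((size_t)n + 1);
    if (s != NULL && vsnprintf(s, (size_t)n + 1, fmt, ap2) != n) {
        free(s);                 /* second pass disagreed with the first */
        s = NULL;
    }
    va_end(ap2);
    return s;
}

int main(void)
{
    char small[8];               /* constructed sample input below */
    int t = format_fixed(small, sizeof small, "%s/%d", "libc-alpha", 178);
    printf("truncated=%d buf=\"%s\"\n", t, small);
    char *full = format_alloc("%s/%d", "libc-alpha", 178);
    if (full == NULL)
        return 1;
    printf("full=\"%s\"\n", full);
    free(full);
    return 0;
}
```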