[PATCH] string: Add tests for zero length string inputs

Will Newton will.newton@linaro.org
Mon Sep 22 16:15:00 GMT 2014


On 22 September 2014 09:09, Richard Earnshaw <rearnsha@arm.com> wrote:
> On 19/09/14 18:09, Will Newton wrote:
>> On 19 September 2014 04:23, Ondřej Bílka <neleai@seznam.cz> wrote:
>>> On Tue, Sep 16, 2014 at 04:40:30PM -0700, Will Newton wrote:
>>>> For the string functions that take string lengths as an argument we
>>>> should ensure that no data is read or written if a length of zero is
>>>> specified. Pointers to PROT_NONE memory are used to ensure that any
>>>> reads or writes will cause a fault.
>>>>
>>> You do not need these. The C standard requires arguments to be valid
>>> pointers for most string functions, and they are already marked nonnull
>>> in the header.
>>>
>>> Just adding size 0 to inputs would suffice.
>>
>> These tests are not testing null pointers, they are testing that when
>> given a zero length the functions actually read/write zero bytes.
>> Whether the specification demands that behaviour is arguable but I
>> believe that it is the most sane behaviour.
>>
>
> Valid pointers is more than just non-NULL.  In particular, it implies
> that it is safe to dereference the addressed byte in a source operand even
> when the length parameter is zero.  Thus testing that no bytes are read
> would be incorrect.

If that is the case then I withdraw the patch. Is that requirement
documented anywhere?

-- 
Will Newton
Toolchain Working Group, Linaro
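
The PROT_NONE technique described in the thread, as an added example that is not code from the patch or from glibc: both buffers are mapped with no access rights, the routine under test is called with a length of zero in a forked child, and any read or write shows up as a fault in that child. `copy_checked`, `copy_preload` and `zero_len_probe` are hypothetical names; the two copy routines are stand-ins written for this example, not libc functions, and `copy_preload` models the kind of early source read the thread debates.

```c
#define _DEFAULT_SOURCE                  /* for MAP_ANONYMOUS */
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

typedef void *(*copy_fn)(void *dst, const void *src, size_t n);

/* Hypothetical routine: tests the length before touching either buffer. */
static void *copy_checked(void *dst, const void *src, size_t n)
{
    volatile unsigned char *d = dst;
    const volatile unsigned char *s = src;
    for (size_t i = 0; i < n; i++)
        d[i] = s[i];
    return dst;
}

/* Hypothetical routine: loads the first source byte before testing n. */
static void *copy_preload(void *dst, const void *src, size_t n)
{
    volatile unsigned char first = *(const volatile unsigned char *)src;
    (void)first;                         /* the load happens even when n == 0 */
    return copy_checked(dst, src, n);
}

/* 0: fn(dst, src, 0) touched no memory; 1: the child faulted; -1: setup failed. */
static int zero_len_probe(copy_fn fn)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    void *src = mmap(NULL, pg, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    void *dst = mmap(NULL, pg, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (src == MAP_FAILED || dst == MAP_FAILED)
        return -1;
    pid_t pid = fork();                  /* isolate the expected fault in a child */
    if (pid == 0) {
        fn(dst, src, 0);                 /* any access to either page is fatal */
        _exit(0);
    }
    int status = 0;
    int ok = pid > 0 && waitpid(pid, &status, 0) == pid;
    munmap(src, pg);
    munmap(dst, pg);
    return !ok ? -1 : (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : 1;
}

int main(void)
{
    return !(zero_len_probe(copy_checked) == 0 && zero_len_probe(copy_preload) == 1);
}
```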
