locale: use memmove for potentially overlapping data
Paul Eggert
eggert@cs.ucla.edu
Thu Nov 7 07:38:37 GMT 2024
On 2024-11-06 20:46, DJ Delorie wrote:
> This is a result from a static analysis, and I - reading the code -
> couldn't prove that to myself.
sizeof ctx->buffer is 128, so locale/programs/md5.c line 167:

    memcpy (&ctx->buffer[left_over], buffer, len);

means left_over + len <= 128 (otherwise behavior would be undefined).
After line 168:

    left_over += len;

left_over <= 128. After executing line 172:

    left_over -= 64;

left_over <= 64.
> I would hate for someone to use that
> code as an excuse to use memcpy in a situation that looks like that but
> *is* overlapping.
Oh, I'd hate that too! However, it's reasonably safe to assume that
glibc code was written by hackers who knew that memcpy isn't safe for
overlapping moves. If we find code that's wrong we should of course fix
it, but this particular code isn't wrong.
Feel free to add a comment if you think that'll help the next reader.
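
The bound argument in the message can be checked exhaustively over the 128-byte buffer. This is an added example, not code from glibc or from the message; the guard before the subtraction and the form of the final copy (`memcpy (buf, &buf[64], left_over)`) are assumptions, since the message quotes only lines 167, 168 and 172.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BUF_SIZE 128   /* sizeof ctx->buffer, per the message */
#define BLOCK 64       /* amount subtracted at line 172, per the message */

static unsigned char buf[BUF_SIZE];

/* Nonzero if [dst, dst+n) and [src, src+n) share a byte, i.e. if
   memcpy (dst, src, n) would have undefined behavior.  */
static int
ranges_overlap (const void *dst, const void *src, size_t n)
{
  uintptr_t d = (uintptr_t) dst, s = (uintptr_t) src;
  return n != 0 && d < s + n && s < d + n;
}

/* ASSUMPTION: the tail copy has the form memcpy (buf, &buf[64], n).  */
static int
tail_copy_overlaps (size_t n)
{
  return ranges_overlap (buf, &buf[BLOCK], n);
}

/* Walk every (left_over, len) pair permitted by the first memcpy
   (left_over + len <= 128) through the quoted statements and count the
   cases where left_over ends above 64 or the tail copy would overlap.
   ASSUMPTION: the subtraction runs only when left_over > 64.  */
static unsigned
count_violations (void)
{
  unsigned bad = 0;
  for (size_t start = 0; start <= BUF_SIZE; start++)
    for (size_t len = 0; start + len <= BUF_SIZE; len++)
      {
        size_t left_over = start;
        left_over += len;              /* line 168: left_over <= 128 */
        if (left_over <= BLOCK)
          continue;                    /* assumed guard: nothing to move */
        left_over -= BLOCK;            /* line 172: left_over <= 64 */
        if (left_over > BLOCK || tail_copy_overlaps (left_over))
          bad++;
      }
  return bad;
}

int
main (void)
{
  printf ("violations: %u\n", count_violations ());
  printf ("overlap at 64: %d, at 65: %d\n",
          tail_copy_overlaps (64), tail_copy_overlaps (65));
  return 0;
}
```

The boundary is exact: a 64-byte tail copy is disjoint from its source, while a 65-byte one would overlap and need memmove.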