[RFC PATCH] realloc: Make REALLOC_ZERO_BYTES_FREES into a tunable

Alejandro Colomar alx@kernel.org
Thu Oct 24 16:14:00 GMT 2024


CC += JeanHeyd

Hi Joseph,

On Thu, Oct 24, 2024 at 03:44:05PM GMT, Joseph Myers wrote:
> On Thu, 24 Oct 2024, Alejandro Colomar wrote:
> 
> > The strong sustained objections to changing the standard all have one
> > condition:
> > 
> > 	Change the implementations first.
> 
> I think a fundamental objection for both standard and implementation 
> changes is: we discussed this at length more than once, we settled it 

You discussed this in a closed committee, without feedback from users.
That's not how it should work.  Also, in those discussions there was FUD
about vulnerabilities (double-free) being a necessary result of this
change.  I haven't been shown a Minimal Reproducible Example of that,
and strongly doubt, just like Doug and Paul, that it is possible.

> (first marking the feature obsolescent in C17, then making it undefined 
> behavior in C23), there is no significant new evidence that the basis for 
> those decisions was wrong

I've requested JeanHeyd to provide one, but you're invited to do so
yourself.  Otherwise, I claim that the decision that WG14 took is based
on FUD, and thus wrong.

Here are the requirements of the program:

It must run on any system of your liking (except AIX; that's a broken
one), and behave well.  The same program must have a double free on the
BSD/Unix V7 behavior in a circumstance that wouldn't trigger on the
other system.  Bonus points if the system under which the program works
fine is glibc.  That should be easy if the decision by WG14 was based
on true facts.

> or that the decisions have caused problems that 
> could justify spending time on revisiting the settled issue so soon after 
> settling it.

The internet is on fire about ISO C23 making realloc(p,0) UB.  I don't
know if you've searched about it, but I've personally received messages
from several people despairing about C23, and mentioning that as one of
the most obvious wrongs that ISO has done in C23.


Have a lovely day!
Alex

-- 
<https://www.alejandro-colomar.es/>