Generic strlen

David A. Ramos
Fri Oct 29 18:03:00 GMT 2010

Hi newlib maintainers,

Our checking tools (KLEE) keeps complaining about newlib's generic strlen version. It looks like it was patched back in May 2008 to include a speed hack that violates ISO C. It attempts to first word align the pointer, and then read a word at a time to check for a NULL:

73  /* If the string is word-aligned, we can check for the presence of                     
74     a null in each word-sized block.  */
75  aligned_addr = (unsigned long *)str;
76  while (!DETECTNULL (*aligned_addr))
77    aligned_addr++;

Obviously, this can read out of bounds if the memory allocated to that string is less than a word in length. While on most architectures this wouldn't actually cause a segfault, I don't think that's a safe assumption for the generic version of a libc routine. The same patch included an i386 target containing the same algorithm, which may be perfectly acceptable.



More information about the Newlib mailing list