Generic strlen
David A. Ramos
daramos@stanford.edu
Fri Oct 29 18:03:00 GMT 2010
Hi newlib maintainers,
Our checking tools (KLEE) keep complaining about newlib's generic strlen version. It looks like it was patched back in May 2008 to include a speed hack that violates ISO C. It attempts to first word-align the pointer, and then read a word at a time to check for a NULL:
libc/string/strlen.c:

  /* If the string is word-aligned, we can check for the presence of
     a null in each word-sized block. */
  aligned_addr = (unsigned long *)str;
  while (!DETECTNULL (*aligned_addr))
    aligned_addr++;
Obviously, this can read out of bounds if the memory allocated to that string is less than a word in length. While on most architectures this wouldn't actually cause a segfault, I don't think that's a safe assumption for the generic version of a libc routine. The same patch included an i386 target containing the same algorithm, which may be perfectly acceptable.
Thoughts?
-David
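Added example (not newlib's code, and not part of the original message): the word-at-a-time trick is only in bounds when the caller knows how far the buffer extends, which plain strlen does not. The strnlen-style routine below, written for this page with its own HAS_ZERO macro standing in for newlib's DETECTNULL, scans bytewise until the pointer is aligned, performs aligned word loads only while a full word is known to lie inside the buffer, and finishes the last partial word bytewise, so no load ever reaches past the caller's capacity. The `selftest` function and its input are constructed here to exercise every start offset within a word and lengths across several words.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Word-at-a-time zero-byte test, the same idea as newlib's DETECTNULL:
   (x - 0x01..01) & ~x & 0x80..80 is nonzero iff some byte of x is zero. */
#define ONES  ((uintptr_t)-1 / 0xFFu)   /* 0x0101...01 */
#define HIGHS (ONES * 0x80u)            /* 0x8080...80 */
#define HAS_ZERO(x) ((((x) - ONES) & ~(x) & HIGHS) != 0)

/* Bytewise reference: never reads past the terminator. */
size_t strlen_bytewise(const char *s)
{
    const char *p = s;
    while (*p != '\0')
        p++;
    return (size_t)(p - s);
}

/* Word-at-a-time scan that only loads a word while the whole word is known
   to lie inside the caller's buffer of `cap` bytes.  The head (until the
   pointer is aligned) and the tail (fewer than a word left, or the word that
   contained the NUL) are scanned one byte at a time, so no load ever extends
   past s + cap.  Returns the index of the first NUL, or cap if there is none,
   like strnlen. */
size_t strnlen_wordwise(const char *s, size_t cap)
{
    const size_t W = sizeof(uintptr_t);
    size_t i = 0;

    /* Head: advance bytewise until the pointer is word-aligned. */
    while (i < cap && ((uintptr_t)(s + i) & (W - 1)) != 0) {
        if (s[i] == '\0')
            return i;
        i++;
    }

    /* Body: aligned word loads, but only while a full word is in bounds. */
    while (cap - i >= W) {
        uintptr_t word;
        memcpy(&word, s + i, W);    /* in-bounds load, no aliasing concerns */
        if (HAS_ZERO(word))
            break;                  /* NUL is inside this word: finish bytewise */
        i += W;
    }

    /* Tail: at most W-1 bytes, or the word that held the NUL. */
    while (i < cap && s[i] != '\0')
        i++;
    return i;
}

/* Constructed self-check: every start offset within a word, lengths across
   several words, compared against the bytewise reference.  Returns 1 on
   success, 0 at the first mismatch. */
int selftest(void)
{
    static char buf[64];
    for (size_t off = 0; off < 16; off++) {
        for (size_t len = 0; len <= 40; len++) {
            /* Non-zero filler bytes, some with the high bit set, so a wrong
               HAS_ZERO would have a chance to misfire. */
            for (size_t k = 0; k < sizeof buf; k++)
                buf[k] = (char)(1 + (k * 53) % 255);
            buf[off + len] = '\0';
            if (strnlen_wordwise(buf + off, len + 1) != len)
                return 0;
            if (strnlen_wordwise(buf + off, len + 1) != strlen_bytewise(buf + off))
                return 0;
            /* With the NUL just outside the capacity the scan must stop at cap. */
            if (strnlen_wordwise(buf + off, len) != len)
                return 0;
        }
    }
    return 1;
}

int main(void)
{
    printf("selftest: %s\n", selftest() ? "ok" : "FAILED");
    printf("strnlen_wordwise(\"hello\", 6) = %zu\n", strnlen_wordwise("hello", 6));
    return 0;
}
```

The point of the split is that the generic strlen in the message cannot bound its loads because it has no capacity to bound them with; any word-wide read it makes is only "safe" by relying on allocator and page granularity, which is exactly the assumption a memory checker such as KLEE refuses to make. Where the capacity is known, the same speed trick can be kept without reading outside the object.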