This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] Implement strlcat [BZ#178]
- From: Paul Eggert <eggert at cs dot ucla dot edu>
- To: Florian Weimer <fweimer at redhat dot com>, libc-alpha at sourceware dot org
- Cc: Zack Weinberg <zackw at panix dot com>
- Date: Thu, 10 Dec 2015 10:14:00 -0800
- Subject: Re: [PATCH] Implement strlcat [BZ#178]
- References: <56547472 dot 3010302 at redhat dot com> <5654B1FE dot 5020100 at cs dot ucla dot edu> <5654B796 dot 7070302 at redhat dot com> <5656E018 dot 5020608 at cs dot ucla dot edu> <565F211A dot 2030909 at redhat dot com> <56607CD1 dot 3050209 at cs dot ucla dot edu> <CAKCAbMgDMK9wjfNEJYW7e-cN9s5aVhun6V08OXrcOgYKRYF7_g at mail dot gmail dot com> <5660825E dot 9020901 at cs dot ucla dot edu> <CAKCAbMi2zSJRjS=ceg8UvTYY18UrCWysaOFX+OzvKZQfeR9+SA at mail dot gmail dot com> <5660C545 dot 1090805 at cs dot ucla dot edu> <56617536 dot 9040308 at redhat dot com> <5661BA22 dot 8060108 at cs dot ucla dot edu> <5669ABE5 dot 8030405 at redhat dot com>
On 12/10/2015 08:44 AM, Florian Weimer wrote:
> everything points towards the NetBSD
> implementation being buggy in this regard
"everything"? Nothing indicates that the NetBSD behavior is a bug; it
doesn't cause real applications to break. And the NetBSD behavior can
help catch buggy usage, such as "char *buf = malloc (n); strlcpy (buf,
src, n - m);" on platforms where NULL points to accessible storage,
malloc (0) returns NULL, and n happens to be 0.
The main point of strlcpy+strlcat is to guarantee that the output is
always a null-terminated string that fits. This is what programmers
understandably expect. This main point is *far* more important than
obscure details about weird corner cases that should never happen
anyway. The spec should allow an implementation that guarantees the main
point, and that terminates the program if the program tries to exploit
the corner cases by passing bad pointers or null pointers or
unterminated strings or size-zero buffers that prevent the main point
from being safely satisfied.
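The "main point" above, as an added example rather than glibc's, NetBSD's or the poster's code: a strlcpy/strlcat pair that always leaves a terminated string that fits, plus the truncation check a caller is expected to make. The names my_strlcpy, my_strlcat and join_path are assumptions, as is the choice to write nothing for a size of zero.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not glibc's or NetBSD's code.  Whenever size > 0, dst
   ends up a null-terminated string of at most size - 1 characters; the
   return value is the length of the string the caller tried to build, so
   a result >= size means the output was truncated.  For size == 0 nothing
   is written (one possible choice for the corner case debated in the
   thread; an assumption of this example, not a statement of any spec). */

size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);        /* src must be a terminated string */
    if (size != 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';                  /* always terminate when we write */
    }
    return srclen;
}

size_t my_strlcat(char *dst, const char *src, size_t size)
{
    /* Scan at most size bytes of dst so an unterminated buffer cannot
       make us read past the end of it. */
    size_t dstlen = 0;
    while (dstlen < size && dst[dstlen] != '\0')
        dstlen++;
    if (dstlen == size)                 /* no room at all, or size == 0 */
        return size + strlen(src);
    return dstlen + my_strlcpy(dst + dstlen, src, size - dstlen);
}

/* Typical caller: build "dir/file" into buf and report whether it fit.
   Returns 1 when the whole path fits, 0 on truncation; on truncation buf
   is still a proper string (when size > 0), just shorter than wanted. */
int join_path(char *buf, size_t size, const char *dir, const char *file)
{
    if (my_strlcpy(buf, dir, size) >= size)
        return 0;
    if (my_strlcat(buf, "/", size) >= size)
        return 0;
    return my_strlcat(buf, file, size) < size;
}
```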