bug-gnulib

Re: Integer overflows in memchr


From: Eric Blake
Subject: Re: Integer overflows in memchr
Date: Tue, 9 Jul 2024 20:33:52 -0500
User-agent: NeoMutt/20240425

On Wed, Jul 10, 2024 at 01:55:51AM GMT, Paul Eggert wrote:
> On 7/9/24 22:03, Eric Blake wrote:
> > https://www.austingroupbugs.net/view.php?id=1834#c6830
> > 
> > The current draft of proposed wording would have the C standard state:
> > 
> > 2 The strnlen function counts not more than n characters (a null
> > character and characters that follow it are not counted) in the array
> > to which s points. At most the first n characters of s shall be
> > accessed by strnlen.
> > 
> > at which point, strnlen("", SIZE_MAX) _is_ allowed to _access_ beyond
> > the NUL byte,
> 
> No it wouldn't, because strnlen must stop counting at the first null byte.
> 
> If this point isn't made clear in the current proposal, it should be made
> clear. Lots of user code relies on strnlen doing the right thing even if the
> string is shorter than n. In practice implementations that screw up in this
> area, and are incompatible with glibc etc., are deemed broken and are fixed.
> The standard should not allow further breakage.

I've raised that point to the Austin Group, and Chris Bazeley (the one
working on changing the C standard) should see it soon enough.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.
Virtualization:  qemu.org | libguestfs.org
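
An added example, not part of the original message or of gnulib: a guard-page check for the case discussed above, `strnlen("", SIZE_MAX)`, in which any read past the null byte faults instead of passing silently. The names `ref_strnlen` and `probe_at_page_end` are hypothetical, and a POSIX system with `mmap` and `MAP_ANONYMOUS` is assumed; pass the implementation under test in place of `ref_strnlen`.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Reference semantics (hypothetical helper, added for this example):
   count at most n bytes and never read past the first null byte. */
static size_t ref_strnlen(const char *s, size_t n)
{
    size_t i = 0;
    while (i < n && s[i] != '\0')
        i++;
    return i;
}

typedef size_t (*strnlen_fn)(const char *, size_t);

/* Place text so that its terminating null is the last readable byte before
   an inaccessible page, then call fn with n = SIZE_MAX.  A read beyond the
   null byte raises SIGSEGV.  Returns fn's result, or (size_t)-1 if the
   mapping could not be set up. */
static size_t probe_at_page_end(strnlen_fn fn, const char *text, size_t len)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    if (pagesz <= 0 || len >= (size_t)pagesz)
        return (size_t)-1;
    size_t page = (size_t)pagesz;
    char *map = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (map == MAP_FAILED)
        return (size_t)-1;
    if (mprotect(map + page, page, PROT_NONE) != 0) {  /* guard page */
        munmap(map, 2 * page);
        return (size_t)-1;
    }
    char *s = map + page - (len + 1);   /* null lands on the last byte */
    memcpy(s, text, len);
    s[len] = '\0';
    size_t result = fn(s, SIZE_MAX);
    munmap(map, 2 * page);
    return result;
}

int main(void)
{
    printf("%zu\n", probe_at_page_end(ref_strnlen, "", 0));
    return 0;
}
```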



