This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] string: Add tests for zero length string inputs
- From: Richard Earnshaw <rearnsha at arm dot com>
- To: Will Newton <will dot newton at linaro dot org>
- Cc: Ondřej Bílka <neleai at seznam dot cz>, libc-alpha <libc-alpha at sourceware dot org>
- Date: Mon, 22 Sep 2014 17:17:49 +0100
- Subject: Re: [PATCH] string: Add tests for zero length string inputs
- Authentication-results: sourceware.org; auth=none
- References: <1410910830-20900-1-git-send-email-will dot newton at linaro dot org> <20140919112302 dot GA2912 at domone> <CANu=Dmgn75GZU8my6fcCp1AyJRw8jEJVhaGTD+5mjOrXB_ENGw at mail dot gmail dot com> <542049A4 dot 1070409 at arm dot com> <CANu=DmhQGpPSP-RgVoY7URs6n7n2wP6U3WcEV2dRBdWP3EorzQ at mail dot gmail dot com>
On 22/09/14 17:15, Will Newton wrote:
> On 22 September 2014 09:09, Richard Earnshaw <rearnsha@arm.com> wrote:
>> On 19/09/14 18:09, Will Newton wrote:
>>> On 19 September 2014 04:23, Ondřej Bílka <neleai@seznam.cz> wrote:
>>>> On Tue, Sep 16, 2014 at 04:40:30PM -0700, Will Newton wrote:
>>>>> For the string functions that take string lengths as an argument we
>>>>> should ensure that no data is read or written if a length of zero is
>>>>> specified. Pointers to PROT_NONE memory are used to ensure that any
>>>>> reads or writes will cause a fault.
>>>>>
>>>> You do not need these. C standard requires arguments to be valid
>>>> pointers for most string functions, and they are already marked nonnull
>>>> in header.
>>>>
>>>> Just adding size 0 to inputs would suffice.
>>>
>>> These tests are not testing null pointers, they are testing that when
>>> given a zero length the functions actually read/write zero bytes.
>>> Whether the specification demands that behaviour is arguable but I
>>> believe that it is the most sane behaviour.
>>>
>>
>> Valid pointers is more than just non-NULL. In particular, it implies
>> that it is safe to dereference the addressed byte in a source operand even
>> when the length parameter is zero. Thus testing that no bytes are read
>> would be incorrect.
>
> If that is the case then I withdraw the patch. Is that requirement
> documented anywhere?
>
C99 $7.21.1 clause 2.
R.
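
The PROT_NONE technique discussed in this thread, as an added example that is not taken from the patch or from glibc's test suite: a page mapped with no access rights turns any read or write into a signal the harness can catch. The names `probe_faults`, `copy_fn` and the `probe_*` functions are hypothetical; only the one-byte control has a fixed expected result, since the reply above argues that a read at zero length would still be conforming.

```c
#define _GNU_SOURCE            /* for MAP_ANONYMOUS and sigsetjmp */
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* Call memcpy through a volatile pointer so the compiler cannot fold the call away. */
static void *(*volatile copy_fn)(void *, const void *, size_t) = memcpy;

/* Probes: each receives a pointer to an inaccessible (PROT_NONE) page. */
static void probe_zero_len_src(char *none) { char dst[1]; copy_fn(dst, none, 0); }
static void probe_zero_len_dst(char *none) { char src[1] = {0}; copy_fn(none, src, 0); }
static void probe_one_byte_src(char *none) { char dst[1]; copy_fn(dst, none, 1); }

/* Returns 1 if the probe faulted on the PROT_NONE page, 0 if not, -1 on setup error. */
static int probe_faults(void (*probe)(char *))
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    char *none = mmap(NULL, page, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (none == MAP_FAILED) return -1;
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    volatile int faulted = 1;  /* volatile: must survive the siglongjmp */
    if (sigsetjmp(fault_env, 1) == 0) { probe(none); faulted = 0; }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(none, page);
    return faulted;
}

int main(void)
{
    printf("1-byte read (control): %d\n", probe_faults(probe_one_byte_src));
    printf("0-length, src guarded: %d\n", probe_faults(probe_zero_len_src));
    printf("0-length, dst guarded: %d\n", probe_faults(probe_zero_len_dst));
    return 0;
}
```
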