This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH v3] Implement strlcpy [BZ #178]
- From: Rich Felker <dalias at libc dot org>
- To: Tolga Dalman <tolga dot dalman at googlemail dot com>
- Cc: Adhemerval Zanella <adhemerval dot zanella at linaro dot org>, libc-alpha at sourceware dot org
- Date: Sat, 7 Nov 2015 20:07:32 -0500
- Subject: Re: [PATCH v3] Implement strlcpy [BZ #178]
- Authentication-results: sourceware.org; auth=none
- References: <56326B79 dot 8070804 at redhat dot com> <20151105211104 dot D10932C3B22 at topped-with-meat dot com> <20151106040125 dot GY8645 at brightrain dot aerifal dot cx> <563C9871 dot 9090700 at linaro dot org> <563E9BE6 dot 40508 at googlemail dot com>
On Sun, Nov 08, 2015 at 01:48:38AM +0100, Tolga Dalman wrote:
> As a mere user, I have never needed strlcpy myself. Given that this
> function is quite easy to realize, I see no reason to include such
> a function in glibc.
Unfortunately that's NOT a given. Most reimplementations from scratch
have at least one serious corner-case bug. And if you have more than
one in the same program (e.g. multiple shared libraries that each
implement their own) they all end up using the copy from whichever
library was linked first, which might have a corner-case bug that
affects the other users. This is the main compelling security reason
for having the functions in libc: to get programs/libraries to stop
providing their own likely-buggy versions.
> Also, I see only little value in improving the
> portability with BSDs beyond POSIX, really. Thus, the real value of
> adding this function appears to be convenience reasons. Anyway, this
> is my personal view. As Rich stated, the arguments have been on the
> table several times and it is not my intent to restart the discussion.
>
> Instead, my proposal is to add this function to glibc, but in a separate library.
That is utterly useless and much more costly. Each additional library
linked adds at least 4k of (non-shareable) memory usage to a process
and increases the start time by tens or hundreds of microseconds. But
most importantlu, if they're not available in the default link,
configure scripts will never find/use them, and they'll just end up
enabling their own replacements.
Anyway, in general, if adding a function to glibc is a bad idea,
adding it in its own separate .so file shipped with glibc is an even
worse idea. There are no advantages and lots of disadvantages.
Rich