This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] Implement strlcat [BZ#178]
- From: Paul Eggert <eggert at cs dot ucla dot edu>
- To: Florian Weimer <fweimer at redhat dot com>
- Cc: Zack Weinberg <zackw at panix dot com>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Thu, 10 Dec 2015 14:27:04 -0800
- Subject: Re: [PATCH] Implement strlcat [BZ#178]
- Authentication-results: sourceware.org; auth=none
- References: <56547472 dot 3010302 at redhat dot com> <5654B1FE dot 5020100 at cs dot ucla dot edu> <5654B796 dot 7070302 at redhat dot com> <5656E018 dot 5020608 at cs dot ucla dot edu> <565F211A dot 2030909 at redhat dot com> <56607CD1 dot 3050209 at cs dot ucla dot edu> <CAKCAbMgDMK9wjfNEJYW7e-cN9s5aVhun6V08OXrcOgYKRYF7_g at mail dot gmail dot com> <5660825E dot 9020901 at cs dot ucla dot edu> <CAKCAbMi2zSJRjS=ceg8UvTYY18UrCWysaOFX+OzvKZQfeR9+SA at mail dot gmail dot com> <5660C545 dot 1090805 at cs dot ucla dot edu> <5661A123 dot 9050408 at panix dot com> <5661BD09 dot 5020408 at cs dot ucla dot edu> <5665905E dot 1020608 at panix dot com> <5665F492 dot 2080307 at cs dot ucla dot edu> <5669D4AF dot 4060201 at redhat dot com>
On 12/10/2015 11:38 AM, Florian Weimer wrote:
>> the OpenBSD strlcpy
>> implementation always has well-defined behavior when source and
>> destination overlap, but the proposed implementation does not.
>
> The OpenBSD implementation is defined to be undefined with overlapping
> inputs, too.
No, the OpenBSD implementation has well-defined behavior then. strlcpy
is declared like this:
    size_t strlcpy (char *, const char *, size_t)
        __attribute__ ((__bounded__ (__string__, 1, 3)));
http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/include/string.h
and is implemented like this:
    size_t
    strlcpy (char *dst, const char *src, size_t size)
    {
      const char *s = src;
      size_t n = size;

      if (n)
        while (--n && (*dst++ = *s++))
          continue;
      if (!n)
        {
          if (size)
            *dst = '\0';
          while (*s++)
            continue;
        }
      return s - src - 1;
    }
http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/lib/libc/string/strlcpy.c
Nothing in this implementation prohibits overlapping the source and
destination. There is no use of 'restrict' or of 'memcpy' or anything
like that. Behavior is perfectly well-defined when source and
destination overlap.
>> Third, the OpenBSD implementation declares strlcpy and strlcat to have
>> __attribute__ ((__bounded__ ...)), an OpenBSD extension that generates
>> warnings when compiling with gcc -Wbounded (an OpenBSD GCC option that
>> is on by default). The proposed implementation doesn't do that so it by
>> default does not diagnose bugs that the OpenBSD implementation does
>> diagnose.
>
> Doesn't the _FORTIFY_SOURCE wrapper do something similar?
Yes, but the proposed glibc implementation is not "exactly matching the
OpenBSD semantics" as Zack insisted upon. For example, whether
diagnostics are issued differs by default. There are probably other
differences (sorry, I don't know what the __bounded__ attribute does,
exactly).
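As an added illustration (not code from this thread, glibc or OpenBSD), the byte-by-byte loop quoted above is wrapped as obsd_strlcpy and exercised with an overlapping source/destination pair and with a truncating copy; the names shift_left and copy_was_truncated and the sample strings are assumptions chosen here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* strlcpy modelled on the OpenBSD code quoted in the message: no
   restrict, no memcpy, so each read of *s is sequenced before the
   following write to *dst and overlapping buffers are not UB. */
size_t
obsd_strlcpy (char *dst, const char *src, size_t size)
{
  const char *s = src;
  size_t n = size;

  if (n)
    while (--n && (*dst++ = *s++))
      continue;
  if (!n)
    {
      if (size)
        *dst = '\0';          /* NUL-terminate when there is room */
      while (*s++)            /* keep counting the unread tail */
        continue;
    }
  return s - src - 1;         /* strlen (src), NUL excluded */
}

/* Overlap case (assumed helper): drop the first SKIP bytes of BUF in
   place.  Destination lies below the source, so the forward copy
   yields the shifted string.  Returns the length strlcpy reports. */
size_t
shift_left (char *buf, size_t cap, size_t skip)
{
  return obsd_strlcpy (buf, buf + skip, cap);
}

/* Truncation case (assumed helper): copy SRC into DST[CAP]; nonzero
   means the reported length did not fit, the check callers must do. */
int
copy_was_truncated (char *dst, size_t cap, const char *src)
{
  return obsd_strlcpy (dst, src, cap) >= cap;
}

int
main (void)
{
  char a[16] = "abcdef", b[4];   /* constructed sample buffers */
  printf ("%zu %s\n", shift_left (a, sizeof a, 2), a);                   /* 4 cdef */
  printf ("%d %s\n", copy_was_truncated (b, sizeof b, "hello world"), b); /* 1 hel */
  return 0;
}
```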