This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug string/19391] strnlen invokes UB by adding maxlen to str
- From: "pascal_cuoq at hotmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Mon, 28 Dec 2015 14:05:26 +0000
- Subject: [Bug string/19391] strnlen invokes UB by adding maxlen to str
- Auto-submitted: auto-generated
- References: <bug-19391-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=19391
--- Comment #2 from Pascal Cuoq <pascal_cuoq at hotmail dot com> ---
Florian,
my interpretation of the standards is that in all the strn* functions, as well
as memchr (as an explicit exception among the mem* functions), the size
argument limits the number of characters read but is allowed to be arbitrarily
larger than the number of characters that would be valid to read (if reading
stops because '\0' or the searched character is found).
In other words, yes, I think that strnlen (p, -1) should not invoke UB and be
equivalent to strlen (p).
In other words, this report is part of the same wave as
https://sourceware.org/bugzilla/show_bug.cgi?id=19390 and
https://sourceware.org/bugzilla/show_bug.cgi?id=19387 , except that those
describe concrete problems in assembly versions whereas this one is a
theoretical problem in the C version.
FWIW, the idea of looking at very large size arguments for standard functions
started with memchr, for which they are very explicitly allowed in POSIX and
C11, and it was this remark of Jed Davis that incited me to look at the strn*
functions:
https://twitter.com/xlerb/status/678963983756333056
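
An added illustration of the issue discussed in the comment above (not glibc's code and not part of the bug report): a model of an end-pointer loop beside a counting loop, called with a maxlen of (size_t)-1. The function names are hypothetical, the sample string is constructed, and the address arithmetic is done on uintptr_t under the assumption of a flat address mapping.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Does "str + maxlen" wrap past the top of the address space?  Computed on
   uintptr_t (assumes a flat address mapping) so the check itself is defined;
   the same addition on a real pointer is undefined once it leaves the object. */
static int end_wraps(const char *str, size_t maxlen)
{
    uintptr_t start = (uintptr_t)str;
    return (uintptr_t)(start + maxlen) < start;
}

/* Model of an end-pointer loop: the bound is the (possibly wrapped) address
   start + maxlen.  When it wraps, the bound is below start and the loop never
   runs, so the result is 0 instead of the string length. */
static size_t strnlen_endptr_model(const char *str, size_t maxlen)
{
    uintptr_t start = (uintptr_t)str;
    uintptr_t end = start + maxlen;          /* unsigned, wraps silently */
    size_t n = 0;
    while (start + n < end && str[n] != '\0')
        n++;
    return n;
}

/* Counting form: never forms str + maxlen, reads characters in order and
   stops at the first '\0', so maxlen may exceed the object size. */
static size_t strnlen_counted(const char *str, size_t maxlen)
{
    size_t n = 0;
    while (n < maxlen && str[n] != '\0')
        n++;
    return n;
}

int main(void)
{
    const char *p = "hello";                 /* constructed sample input */
    printf("wraps=%d model=%zu counted=%zu strlen=%zu\n",
           end_wraps(p, (size_t)-1),
           strnlen_endptr_model(p, (size_t)-1),
           strnlen_counted(p, (size_t)-1), strlen(p));
    return 0;
}
```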