This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Implement C11 annex K?
- From: "David A. Wheeler" <dwheeler at dwheeler dot com>
- To: "libc-alpha" <libc-alpha at sourceware dot org>
- Date: Fri, 15 Aug 2014 18:24:58 -0400 (EDT)
- Subject: Re: Implement C11 annex K?
- Authentication-results: sourceware.org; auth=none
- Reply-to: dwheeler at dwheeler dot com
On Fri, 15 Aug 2014 15:04:00 -0700, Paul Eggert <eggert@cs.ucla.edu> wrote:
> That URL is part of circa-2002 discussion on this topic, a discussion
> which closely resembled this one, right down to the list of
> participants. Maybe we should repeat again in 2026?
I think there will be *no* need to wait until 2026 :-).
The article https://lwn.net/Articles/507319/
notes requests to add strlcpy/strlcat to glibc have occurred in at least
2000, 2004, 2007, 2011, and 2012. We can now add 2014. There are probably other
years, and I'm not even including annex K (which would be ANOTHER list).
Yet with the data I have it looks like there's an increasing frequency of requests!
If glibc doesn't add functions that *easily* counter buffer
overflows in fixed-length strings, I predict with high confidence that requests will
keep coming, because this continues to be widely perceived as an unmet need.
I'm sure many requests are rejected by the glibc developers and stay rejected...
but this is *NOT* one of them.
These functions are used in OpenSSL, LibreSSL, OpenSSH, OpenBSD,
and the Linux kernel at *least*, and probably many others.
Projects keep re-implementing them, typically less efficiently than a glibc
implementation would be. There are reasons for this.
--- David A. Wheeler