This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] string: Add tests for zero length string inputs


On 19/09/14 18:09, Will Newton wrote:
> On 19 September 2014 04:23, OndÅej BÃlka <neleai@seznam.cz> wrote:
>> On Tue, Sep 16, 2014 at 04:40:30PM -0700, Will Newton wrote:
>>> For the string functions that take string lengths as an argument we
>>> should ensure that no data is read or written if a length of zero is
>>> specified. Pointers to PROT_NONE memory are used to ensure that any
>>> reads or writes will cause a fault.
>>>
>> You do not need these. C standard requires arguments to be valid
>> pointers for most string functions, and they are already marked nonnull
>> in header.
>>
>> Just adding size 0 to inputs would suffice.
> 
> These tests are not testing null pointers, they are testing that when
> given a zero length the functions actually read/write zero bytes.
> Whether the specification demands that behaviour is arguable but I
> believe that it is the most sane behaviour.
> 

Valid pointers is more than just non-NULL.  In particular, it implies
that is safe to dereference the addressed byte in a source operand even
when the length parameter is zero.  Thus testing that no bytes are read
would be incorrect.



Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]