This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] Implement strlcat [BZ#178]
- From: Paul Eggert <eggert at cs dot ucla dot edu>
- To: Florian Weimer <fweimer at redhat dot com>
- Cc: Zack Weinberg <zackw at panix dot com>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Fri, 11 Dec 2015 10:40:58 -0800
- Subject: Re: [PATCH] Implement strlcat [BZ#178]
On 12/11/2015 04:09 AM, Florian Weimer wrote:
> This implementation comes with documentation and it says

My comments were about the OpenBSD implementation, not the
documentation. If implementation compatibility is required (which I
think was Zack's point), we need to fix incompatibilities with the
OpenBSD implementation, even if these incompatibilities aren't documented.

Conversely, if implementation compatibility is not required, then we
needn't reproduce OpenBSD's behavior exactly on weird corner cases that
come up only with buggy applications. NetBSD does this to some extent,
and if we're going to implement strlcpy+strlcat at all, we could do so
as well. So, for example, it would be fine if _FORTIFY_SOURCE caused
strlcpy to report an error when given overlapping arguments, even though
OpenBSD's strlcpy implementation has well-defined behavior in that
situation.

Either approach would be better than a randomish glibc implementation,
partially compatible with OpenBSD's weird quirks and partially not, with
no principle for when we're compatible and when not.

> “If the src and dst strings overlap, the behavior is undefined.”
> <http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/lib/libc/string/strlcpy.3>

If the goal is to implement this spec (and implementation compatibility
is not required), then this quote says the destination is a string,
which means the destination buffer is null-terminated for strlcat, and
also means SIZE is nonzero for both strlcpy and strlcat. And that is
what my proposed strlcpy+strlcat doc patch says, albeit more clearly. Of
course other parts of the OpenBSD spec talk about what to do when SIZE
is zero or the strlcat destination is not a string, but what can I say?
The OpenBSD spec is confused and contradicts itself, and this gives us
wiggle room to interpret it reasonably for these weird corner cases.

Thanks, by the way, for being so patient with all this. This API is such
a pain.
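
The corner cases discussed in this message (SIZE of zero, and a strlcat destination with no NUL inside SIZE bytes), as an added example that is not part of the original thread and is not OpenBSD or glibc code. The names `ex_strlcpy`, `ex_strlcat` and `ex_truncated` are hypothetical, and the behavior follows the documented strlcpy(3)/strlcat(3) return-value rules rather than any particular implementation.

```c
#include <stddef.h>
#include <string.h>

/* Added illustration with hypothetical names; written from the documented
   strlcpy(3)/strlcat(3) semantics, not taken from OpenBSD or glibc. */

/* Copy at most size-1 bytes and NUL-terminate when size > 0.
   Returns strlen(src); with size == 0 nothing is written at all. */
size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size != 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);  /* overlapping src/dst is undefined here */
        dst[n] = '\0';
    }
    return srclen;
}

/* Append src to dst inside a buffer of size bytes.
   If the first size bytes of dst hold no NUL, dst is not a string:
   nothing is written and the length of dst is taken to be size. */
size_t ex_strlcat(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    const char *nul = size ? memchr(dst, '\0', size) : NULL;
    if (nul == NULL)
        return size + srclen;
    size_t dstlen = (size_t)(nul - dst);
    size_t room = size - dstlen - 1;          /* bytes left before the NUL slot */
    size_t n = srclen < room ? srclen : room;
    memcpy(dst + dstlen, src, n);
    dst[dstlen + n] = '\0';
    return dstlen + srclen;
}

/* Caller-side check: a result >= size means truncation, a zero size,
   or a destination that was not NUL-terminated within size bytes. */
int ex_truncated(size_t result, size_t size)
{
    return result >= size;
}
```
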