From: Alex Colomar <alx.manpages@gmail.com>
To: Rich Felker <dalias@libc.org>, Stefan Puiu <stefan.puiu@gmail.com>
Cc: GNU C Library <libc-alpha@sourceware.org>,
linux-man <linux-man@vger.kernel.org>,
gcc@gcc.gnu.org, Igor Sysoev <igor@sysoev.ru>
Subject: Re: struct sockaddr_storage
Date: Tue, 24 Jan 2023 17:53:17 +0100 [thread overview]
Message-ID: <5378ac8a-00ec-6dab-9f79-3e5c25f4a51c@gmail.com> (raw)
In-Reply-To: <20230124111623.GD3298@brightrain.aerifal.cx>
[-- Attachment #1.1: Type: text/plain, Size: 2738 bytes --]
Hi Rick,
On 1/24/23 12:16, Rich Felker wrote:
> On Fri, Jan 20, 2023 at 12:06:50PM +0200, Stefan Puiu via Libc-alpha wrote:
>> Hi Alex,
>>
>> On Thu, Jan 19, 2023 at 4:14 PM Alejandro Colomar
>> <alx.manpages@gmail.com> wrote:
>>>
>>> Hi!
>>>
>>> I just received a report about struct sockaddr_storage in the man pages. It
>>> reminded me of some concern I've always had about it: it doesn't seem to be a
>>> usable type.
>>>
>>> It has some alignment promises that make it "just work" most of the time, but
>>> it's still a UB mine, according to ISO C.
>>>
>>> According to strict aliasing rules, if you declare a variable of type 'struct
>>> sockaddr_storage', that's what you get, and trying to access it later as some
>>> other sockaddr_8 is simply not legal. The compiler may assume those accesses
>>> can't happen, and optimize as it pleases.
>>
>> Can you detail the "is not legal" part? How about the APIs like
>> connect() etc that use pointers to struct sockaddr, where the
>> underlying type is different, why would that be legal while using
>> sockaddr_storage isn't?
>
> Because they're specified to take different types. In C, any struct
> pointer type can legally point to any other struct type. You just
> can't dereference through it with the wrong type.
Yep. Which basically means that users need to treat sockaddr structures
as black boxes. Otherwise, there's going to be undefined behavior at
some point. Because of course, you can't know the right type before
reading the first field, which is already UB.
> How the
> implementation of connect etc. handle this is an implementation
> detail. You're allowed to pass pointers to struct sockaddr_in, etc. to
> connect etc. simply because the specification says you are.
While the implementation has some more freedom regarding UB, in this
case it's waiting for a compiler optimization to break this code, so I'd
go the safe way and use standard C techniques in libc so that there are
no long-term UB issues.
As a side effect, user code that currently invokes UB could be changed
to have defined behavior.
>
> In any case, sockaddr_storage is a legacy thing designed by folks who
> didn't understand the rules of the C language. It should never appear
> in modern code except perhaps with sizeof for allocting buffers. There
> is no action that needs to be taken here except documenting that it
> should not be used (cannot be used meaningfully without UB).
I agree with you on this. sockaddr_storage has been broken since day 0.
However, for designing a solution for libc using unions, it could be
useful.
>
> Rich
Cheers,
Alex
--
<http://www.alejandro-colomar.es/>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
prev parent reply other threads:[~2023-01-24 16:53 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-19 14:11 Alejandro Colomar
2023-01-20 10:06 ` Stefan Puiu
2023-01-20 12:39 ` Alejandro Colomar
2023-01-23 7:40 ` Stefan Puiu
2023-01-23 16:03 ` Alejandro Colomar
2023-01-23 16:28 ` Richard Biener
2023-01-24 16:38 ` Alex Colomar
2023-01-23 16:37 ` Jakub Jelinek
2023-01-24 16:40 ` Alex Colomar
2023-01-24 18:00 ` Alex Colomar
2023-01-24 11:16 ` Rich Felker
2023-01-24 16:53 ` Alex Colomar [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5378ac8a-00ec-6dab-9f79-3e5c25f4a51c@gmail.com \
--to=alx.manpages@gmail.com \
--cc=dalias@libc.org \
--cc=gcc@gcc.gnu.org \
--cc=igor@sysoev.ru \
--cc=libc-alpha@sourceware.org \
--cc=linux-man@vger.kernel.org \
--cc=stefan.puiu@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).