public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "allachan at au1 dot ibm.com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug libc/16004] memcpy/strcpy: detect memory overlap and crash when error is detected
Date: Mon, 23 Jun 2014 03:11:00 -0000 [thread overview]
Message-ID: <bug-16004-131-XC1SxaA3N8@http.sourceware.org/bugzilla/> (raw)
In-Reply-To: <bug-16004-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=16004
paxdiablo <allachan at au1 dot ibm.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |allachan at au1 dot ibm.com
--- Comment #2 from paxdiablo <allachan at au1 dot ibm.com> ---
Hmmm.
"Sometimes people do silly things". I think the fix here may be to convince
people to stop doing those silly things :-)
ISO C11 (and earlier) specifically call out the possibility of overlap
problems, for both memcpy() and strcpy():
"If copying takes place between objects that overlap, the behavior is
undefined."
What you seem to be proposing is to slow down all copy operations to handle
things people shouldn't be doing in the first place. I'm of the opinion that C
bods who need this level of hand-holding should consider moving to C++ (I'm not
dissing C++ here but people should learn the tools they use, or get tools
better suited to them). Putting "safety" into one clib implementation will not
help you when you have to use another.
C already has a perfectly good library function for overlapping memory copies,
to wit, memmove(). I'd be more inclined to ask ISO WG14 to introduce a new
strmove() call for doing the same for C strings, or just use memmove() with
strlen() to achieve the same result, something like:
char *myStrMove (
char * restrict s1,
char * restrict s2)
{
memmove (s1, s2, strlen (s2) + 1);
return s1;
}
Don't take this as an attack, you've done exactly the right thing in your
layered approach for solutions ("if too heavy, do something else"). I just
don't think this should be changed for ALL XXXcpy() calls since it'll have a
performance hit.
By all means, if there's a different XXXcpy() we can use in those fortify
modes, I'd be happy. Though it's still going to crash, at least it'll fail fast
hopefully before corrupting data. Not sure how good that's going to make users
feel since they'll still have lost their unsaved work :-)
--
You are receiving this mail because:
You are on the CC list for the bug.
next prev parent reply other threads:[~2014-06-23 3:11 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-05 11:29 [Bug libc/16004] New: " slyfox at inbox dot ru
2013-10-09 7:52 ` [Bug libc/16004] " neleai at seznam dot cz
2014-06-13 12:41 ` fweimer at redhat dot com
2014-06-23 3:11 ` allachan at au1 dot ibm.com [this message]
2014-06-23 7:19 ` slyfox at inbox dot ru
2014-06-24 8:30 ` fweimer at redhat dot com
2015-08-27 22:17 ` [Bug string/16004] " jsm28 at gcc dot gnu.org
2024-03-01 7:43 ` sam at gentoo dot org
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-16004-131-XC1SxaA3N8@http.sourceware.org/bugzilla/ \
--to=sourceware-bugzilla@sourceware.org \
--cc=glibc-bugs@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).