From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 27340 invoked by alias); 23 Jun 2014 03:11:52 -0000 Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-owner@sourceware.org Received: (qmail 27304 invoked by uid 48); 23 Jun 2014 03:11:44 -0000 From: "allachan at au1 dot ibm.com" To: glibc-bugs@sourceware.org Subject: [Bug libc/16004] memcpy/strcpy: detect memory overlap and crash when error is detected Date: Mon, 23 Jun 2014 03:11:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: libc X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: enhancement X-Bugzilla-Who: allachan at au1 dot ibm.com X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security- X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2014-06/txt/msg01369.txt.bz2 https://sourceware.org/bugzilla/show_bug.cgi?id=16004 paxdiablo changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |allachan at au1 dot ibm.com --- Comment #2 from paxdiablo --- Hmmm. "Sometimes people do silly things". I think the fix here may be to convince people to stop doing those silly things :-) ISO C11 (and earlier) specifically call out the possibility of overlap problems, for both memcpy() and strcpy(): "If copying takes place between objects that overlap, the behavior is undefined." What you seem to be proposing is to slow down all copy operations to handle things people shouldn't be doing in the first place. I'm of the opinion that C bods who need this level of hand-holding should consider moving to C++ (I'm not dissing C++ here but people should learn the tools they use, or get tools better suited to them). Putting "safety" into one clib implementation will not help you when you have to use another. C already has a perfectly good library function for overlapping memory copies, to wit, memmove(). I'd be more inclined to ask ISO WG14 to introduce a new strmove() call for doing the same for C strings, or just use memmove() with strlen() to achieve the same result, something like: char *myStrMove ( char * restrict s1, char * restrict s2) { memmove (s1, s2, strlen (s2) + 1); return s1; } Don't take this as an attack, you've done exactly the right thing in your layered approach for solutions ("if too heavy, do something else"). I just don't think this should be changed for ALL XXXcpy() calls since it'll have a performance hit. By all means, if there's a different XXXcpy() we can use in those fortify modes, I'd be happy. Though it's still going to crash, at least it'll fail fast hopefully before corrupting data. Not sure how good that's going to make users feel since they'll still have lost their unsaved work :-) -- You are receiving this mail because: You are on the CC list for the bug.