From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from joooj.vinc17.net (joooj.vinc17.net [IPv6:2001:4b99:1:3:216:3eff:fe20:ac98]) by sourceware.org (Postfix) with ESMTPS id 94DBC385842E for ; Wed, 15 Mar 2023 12:39:52 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 94DBC385842E Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=vinc17.net Authentication-Results: sourceware.org; spf=none smtp.mailfrom=vinc17.net Received: from smtp-zira.vinc17.net (128.119.75.86.rev.sfr.net [86.75.119.128]) by joooj.vinc17.net (Postfix) with ESMTPSA id B273E310; Wed, 15 Mar 2023 13:39:49 +0100 (CET) Received: by zira.vinc17.org (Postfix, from userid 1000) id 77C67280021C; Wed, 15 Mar 2023 13:39:49 +0100 (CET) Date: Wed, 15 Mar 2023 13:39:49 +0100 From: Vincent Lefevre To: Paul Eggert Cc: Simon Chopin , libc-alpha@sourceware.org Subject: Re: UB status of snprintf on invalid ptr+size combination? Message-ID: <20230315123949.GC73312@zira.vinc17.org> Mail-Followup-To: Vincent Lefevre , Paul Eggert , Simon Chopin , libc-alpha@sourceware.org References: MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Mailer-Info: https://www.vinc17.net/mutt/ User-Agent: Mutt/2.2.9+69 (3263c953) vl-149028 (2023-03-13) X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,KAM_DMARC_STATUS,KAM_LAZY_DOMAIN_SECURITY,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: About snprintf(buf, INT_MAX, "%s", "Hello world"); On 2023-03-14 14:39:42 -0700, Paul Eggert wrote: > On 3/14/23 12:47, Simon Chopin via Libc-alpha wrote: > > When the issue was first discovered[1], I didn't raise the issue because I > > dismissed it as UB, but it reappeared in an unrelated context, and > > colleagues pointed out that the wording in the standard doesn't actually > > say that the `n` argument is the size of the array. > > That sounds like a misreading of the C standard. Even though the standard > often does not explicitly say that a size argument is the size of an array, > it's obvious from context that this is intended. So Florian is correct here > that the call with INT_MAX is not portable C code. No, it is not obvious. If the C standard does not say that this is the size of the array, then it does not have to be the size of the array. The C standard just says: Otherwise, output characters beyond the n-1st are discarded rather than being written to the array, and a null character is written at the end of the characters actually written into the array. In practice, it is possible that the check of the buffer size has already been done somewhere else, so that using a larger value for n is fine. -- Vincent Lefèvre - Web: 100% accessible validated (X)HTML - Blog: Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)