From: Alejandro Colomar <alx.manpages@gmail.com>
To: Wilco Dijkstra <Wilco.Dijkstra@arm.com>
Cc: Zack Weinberg via Libc-alpha <libc-alpha@sourceware.org>,
Alejandro Colomar <alx@kernel.org>,
Florian Weimer <fweimer@redhat.com>,
Paul Eggert <eggert@cs.ucla.edu>, Sam James <sam@gentoo.org>,
Steffen Nurpmeso <steffen@sdaoden.eu>
Subject: Re: [PATCH 1/1] string: Add stpecpy(3)
Date: Fri, 23 Dec 2022 18:21:42 +0100 [thread overview]
Message-ID: <28cf436c-86dc-f83c-85ec-8a5b5b65fce3@gmail.com> (raw)
In-Reply-To: <674a24d3-f81b-0201-097e-0bbe9b60d1fd@gmail.com>
[-- Attachment #1.1: Type: text/plain, Size: 2559 bytes --]
Hi Wilco,
On 12/23/22 13:26, Alejandro Colomar wrote:
> However, one may question the validity of such optimizations, as they
> defeat the whole purpose of strlcpy() and strlcat(). As a matter of
> fact, the first version of this manual page got it wrong.
>
> Guess what? There's no 'cat' version of snprintf, so users are doomed to write
> buggy code when trying to use it to concatenate after some other string. I've
> recently been investigating a lot about it, and found invocations of Undefined
> Behavior, and some milder cases of benign off-by-one (on the safe side, by luck)
> errors, in calls to snprintf(3) in several important projects:
>
> - NGINX Unit:
> - Undefined Behavior:
> <https://github.com/nginx/unit/issues/795#issuecomment-1345400420>
>
> - Wrong truncation detection:
> <https://github.com/nginx/unit/pull/734#discussion_r1043963527>
> <https://github.com/nginx/unit/issues/804>
>
> - shadow:
> - off-by-one:
> <https://github.com/shadow-maint/shadow/pull/607>
>
> - clever code that looks like a bug but it's not:
> <https://github.com/shadow-maint/shadow/issues/608>
And adding strlcat(3) doesn't address the issue about snprintf(3), which, as
EdSchouten said in the Austin discussion:
"
- strlcpy() fits within the existing set of functions like a glove. strlcpy(a,
b, n) behaves identically to snprintf(a, n, "%s", b). The return value always
corresponds to the number of non-null bytes that would have been written. If we
truly think that this is bad design, should we come up with a new version of
snprintf() that also doesn't do this? I don't think so.
"
I only disagree in the last part ("I don't think so"). As I linked in my
previous message, there have been numerous misuses of snprintf(3), due to the
fact that it's not designed to be concatenated. But of course there's no
alternative, so the only way is using it, and hoping that you didn't introduce a
bug.
Steffen (was it Nurpmeso?) in that same discussion rebated the claims about
strlcpy(3) with performance claims that snprintf(3) is slow, but that was the
least evil. The real evil with snprintf(3) is that it doesn't have a 'cat'
complement.
<https://www.austingroupbugs.net/view.php?id=986>
So, I'll send a second revision of the patch set to add stpeprintf(3).
Cheers,
Alex
--
<http://www.alejandro-colomar.es/>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2022-12-23 17:21 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-22 21:42 [PATCH 0/1] " Alejandro Colomar
2022-12-22 21:42 ` [PATCH 1/1] " Alejandro Colomar
2022-12-23 7:02 ` Sam James
2022-12-23 12:26 ` Alejandro Colomar
2022-12-23 12:29 ` Alejandro Colomar
2022-12-23 17:21 ` Alejandro Colomar [this message]
2022-12-31 15:13 ` Sam James
2022-12-31 15:15 ` Alejandro Colomar
2022-12-28 23:17 ` [PATCH v2 0/3] Add stpe*() functions Alejandro Colomar
2022-12-29 0:01 ` Zack Weinberg
2022-12-29 10:13 ` Alejandro Colomar
2022-12-28 23:17 ` [PATCH v2 1/3] string: Add stpecpy() Alejandro Colomar
2022-12-28 23:27 ` Alejandro Colomar
2022-12-28 23:17 ` [PATCH v2 2/3] stdio: Add vstpeprintf() Alejandro Colomar
2022-12-28 23:17 ` [PATCH v2 3/3] stdio: Add stpeprintf() Alejandro Colomar
2022-12-28 23:27 ` Alejandro Colomar
2022-12-23 14:59 [PATCH 1/1] string: Add stpecpy(3) Wilco Dijkstra
2022-12-23 17:03 ` Alejandro Colomar
2022-12-23 17:27 ` Alejandro Colomar
2022-12-23 18:35 Wilco Dijkstra
2022-12-23 22:40 ` Alejandro Colomar
2022-12-23 23:24 Wilco Dijkstra
2022-12-24 0:05 ` Alejandro Colomar
2022-12-24 0:26 ` Alejandro Colomar
2022-12-25 1:52 ` Noah Goldstein
2022-12-25 14:37 ` Alejandro Colomar
2022-12-25 22:31 ` Noah Goldstein
2022-12-26 0:26 ` Alejandro Colomar
2022-12-26 0:32 ` Noah Goldstein
2022-12-26 0:37 ` Alejandro Colomar
2022-12-26 2:43 ` Noah Goldstein
2022-12-26 22:25 ` Alejandro Colomar
2022-12-26 23:24 ` Alejandro Colomar
2022-12-26 23:52 ` Alejandro Colomar
2022-12-27 0:12 ` Alejandro Colomar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=28cf436c-86dc-f83c-85ec-8a5b5b65fce3@gmail.com \
--to=alx.manpages@gmail.com \
--cc=Wilco.Dijkstra@arm.com \
--cc=alx@kernel.org \
--cc=eggert@cs.ucla.edu \
--cc=fweimer@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=sam@gentoo.org \
--cc=steffen@sdaoden.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).