From: Paul Eggert <eggert@cs.ucla.edu>
To: Siddhesh Poyarekar <siddhesh@gotplt.org>
Cc: Florian Weimer <fweimer@redhat.com>,
Jakub Jelinek <jakub@redhat.com>,
Andreas Schwab <schwab@linux-m68k.org>,
libc-alpha@sourceware.org
Subject: Re: [RFC] _FORTIFY_SOURCE strictness
Date: Thu, 7 Apr 2022 19:26:41 -0700 [thread overview]
Message-ID: <2f468367-7e1f-7c11-0417-1baf790efdd4@cs.ucla.edu> (raw)
In-Reply-To: <d0b28dea-0d61-49bf-aa75-a96fc71e3d07@gotplt.org>
On 4/6/22 23:26, Siddhesh Poyarekar wrote:
> Thoughts? Maybe an Option 3 that's less worse than the above two options?
Perhaps we could use Option 1 (do nothing) for functions like snprintf,
and Option 2 (abort only on actual overflows) for functions like strncpy.
For snprintf Option 1 is arguably allowed by the C standard, which says
"If a function argument is described as being an array, the pointer
actually passed to the function shall have a value such that all address
computations and accesses to objects (that would be valid if the pointer
did point to the first element of such an array) are in fact valid." In
other words, if you call snprintf (a, n, ...) the implementation is
allowed compute &a[0] through &a[n] even if it doesn't store into every
byte in 'a' - and this means Option 1 is allowed.
For strncpy the situation is murkier and arguably something like Option
2 would be needed, due to the funky way that the standard words the
strncpy spec. However, this is not that important, since strncpy is (or
at least should be) rarely used nowadays, so it's not that
performance-relevant.
If we're lucky, most of the affected functions are more like snprintf
than like strcpy, which means we can use Option 1 (do nothing) for most
of the affected functions.
next prev parent reply other threads:[~2022-04-08 2:26 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-07 6:26 Siddhesh Poyarekar
2022-04-07 10:16 ` Andreas Schwab
2022-04-08 3:24 ` Siddhesh Poyarekar
2022-04-08 2:26 ` Paul Eggert [this message]
2022-04-08 3:32 ` Siddhesh Poyarekar
2022-04-08 5:37 ` Florian Weimer
2022-04-08 6:02 ` Siddhesh Poyarekar
2022-04-08 21:07 ` Paul Eggert
2022-04-11 8:02 ` Siddhesh Poyarekar
2022-05-05 18:43 ` [PATCH 0/2] More compliant wcrtomb Siddhesh Poyarekar
2022-05-05 18:43 ` [PATCH 1/2] benchtests: Add wcrtomb microbenchmark Siddhesh Poyarekar
2022-05-06 9:10 ` Florian Weimer
2022-05-06 12:49 ` [committed] " Siddhesh Poyarekar
2022-05-06 12:50 ` [PATCH 1/2] " Adhemerval Zanella
2022-05-06 12:59 ` Siddhesh Poyarekar
2022-05-06 13:20 ` Adhemerval Zanella
2022-05-06 13:26 ` Siddhesh Poyarekar
2022-05-06 13:36 ` Siddhesh Poyarekar
2022-05-06 13:46 ` Adhemerval Zanella
2022-05-05 18:43 ` [PATCH 2/2] wcrtomb: Make behavior POSIX compliant Siddhesh Poyarekar
2022-05-06 9:25 ` Paul Eggert
2022-05-06 13:40 ` Adhemerval Zanella
2022-05-06 13:46 ` Siddhesh Poyarekar
2022-05-06 14:04 ` [PATCH v2] " Siddhesh Poyarekar
2022-05-09 13:22 ` Adhemerval Zanella
2022-05-09 13:35 ` Siddhesh Poyarekar
2022-05-12 13:15 ` [PATCH v3] " Siddhesh Poyarekar
2022-05-13 4:56 ` Paul Eggert
2022-05-13 5:28 ` Paul Eggert
2022-05-13 11:31 ` Siddhesh Poyarekar
2022-05-13 11:38 ` Florian Weimer
2022-05-13 11:51 ` Siddhesh Poyarekar
2022-05-13 12:55 ` Florian Weimer
2022-05-13 12:30 ` Adhemerval Zanella
2022-05-13 13:42 ` Siddhesh Poyarekar
2022-05-13 17:58 ` Paul Eggert
2022-05-13 13:45 ` [committed] " Siddhesh Poyarekar
2022-05-13 8:18 ` [PATCH v3] " Siddhesh Poyarekar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2f468367-7e1f-7c11-0417-1baf790efdd4@cs.ucla.edu \
--to=eggert@cs.ucla.edu \
--cc=fweimer@redhat.com \
--cc=jakub@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=schwab@linux-m68k.org \
--cc=siddhesh@gotplt.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).