Message-Id: <60947356-1710-4658-9169-9535505befd4@app.fastmail.com>
References: <20230710161300.1678172-1-xry111@xry111.site>
Date: Mon, 10 Jul 2023 14:56:59 -0400
From: "Zack Weinberg"
To: "Siddhesh Poyarekar", "Xi Ruoyao", "GNU libc development"
Cc: "Adhemerval Zanella", "Carlos O'Donell", "'Alejandro Colomar (man-pages)'", "Andreas Schwab"
Subject: Re: [PATCH v5] libio: Add nonnull attribute for most FILE * arguments in stdio.h
Content-Type: text/plain

On Mon, Jul 10, 2023, at 1:51 PM, Siddhesh Poyarekar wrote:
> On 2023-07-10 13:12, Zack Weinberg wrote:
>> On Mon, Jul 10, 2023, at 12:13 PM, Xi Ruoyao via Libc-alpha wrote:
>>> During the review of a GCC analyzer test case, we found most stdio
>>> functions accepting a FILE * argument expect it to be nonnull and
>>> just segfault when the argument is NULL. Add nonnull attribute
>>> for them.
>>
>> I think this patchset has a high risk of breaking application code,
>> because "this function will promptly crash if passed a NULL pointer"
>> is a very different property from "any code path that would cause
>> this function to be passed a NULL pointer is necessarily
>> unreachable."
>>
>> If we take it at all -- and my current gut feeling is that we
>> *shouldn't* -- we should do so early in a release cycle to give us
>> the best chance of discovering broken applications before the
>> release.
>
> Thanks for your comment; it made me take a closer look at this. I
> suppose it makes sense to push it in right after we tag 2.38 then, so
> that there's the rest of the year to test and fix broken applications
> before 2.39.

That would be fine with me.

> Would it be more acceptable to you if this gets wrapped into fortify,
> i.e. it gets enabled if _FORTIFY_SOURCE is defined?

I tend to agree with Xi that having the presence of __nonnull depend on
_FORTIFY_SOURCE would cause more problems than it solves. Also, since
several Linux distributions enable _FORTIFY_SOURCE by default, we'd
still be risking significant breakage if we shipped that in 2.38.

> In fact, the wrappers in stdio2.h and the _chk variants of those
> functions should likely also get the __nonnull annotation.

Yes, divergence between the _chk variants and the unfortified variants
should be avoided as much as possible.

zw
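
An added illustration, not part of this e-mail or of the glibc patch, of the distinction the message draws between "crashes on NULL" and "NULL is unreachable": once a declaration carries the nonnull attribute, the compiler may assume the argument is never NULL and discard a NULL check that comes after the call. `emit_line`, `log_guard_after` and `log_guard_before` are hypothetical names; `emit_line` stands in for a stdio function taking a `FILE *`.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a stdio function whose FILE * parameter
   (argument 2, as in fputs) is declared nonnull. */
__attribute__((nonnull(2)))
int emit_line(const char *msg, FILE *fp);

int emit_line(const char *msg, FILE *fp)
{
    return fputs(msg, fp) == EOF ? -1 : (int)strlen(msg);
}

/* Fragile pattern: the NULL check follows the call. Because emit_line's
   declaration says fp cannot be NULL, the optimizer is entitled to
   treat the branch below as dead code and remove it. Passing NULL here
   is undefined behaviour, not a guaranteed crash or a -1 return. */
int log_guard_after(FILE *fp, const char *msg)
{
    int n = emit_line(msg, fp);
    if (fp == NULL)
        return -1;
    return n;
}

/* Robust pattern: the check dominates the call, so it cannot be
   removed and the nonnull contract is never violated. */
int log_guard_before(FILE *fp, const char *msg)
{
    if (fp == NULL)
        return -1;
    return emit_line(msg, fp);
}

int main(void)
{
    /* Constructed inputs: a NULL stream and stdout. */
    printf("%d\n", log_guard_before(NULL, "dropped\n"));
    printf("%d\n", log_guard_before(stdout, "written\n"));
    return 0;
}
```

GCC's `-fno-delete-null-pointer-checks` turns off optimizations based on this assumption.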