From: Siddhesh Poyarekar
To: Andreas Schwab, Paul Eggert
Cc: Simon Chopin, libc-alpha@sourceware.org
Date: Wed, 15 Mar 2023 11:54:46 -0400
Subject: Re: UB status of snprintf on invalid ptr+size combination?
Message-ID: <7efb98ab-182b-d00b-6c29-18c24f08aaa7@gotplt.org>

On 2023-03-15 05:22, Andreas Schwab via Libc-alpha wrote:
> On Mar 14 2023, Paul Eggert wrote:
>
>> For example, it's valid for snprintf to be implemented this way:
>>
>>    int
>>    snprintf (char *buf, size_t size, char const *fmt, ...)
>>    {
>>      char *buf_limit = buf + size;
>>      ...
>>    }
>>
>> even though this would have undefined behavior if BUF points to a
>> character array smaller than SIZE.
>
> Since it is part of the implementation it is irrelevant from the POV of
> the standard.  The implementation does not have to abide by the C
> standard, as long as it properly implements the interface constraints.
>
> What matters is the wording of the standard.  The POSIX standard is more
> explicit here: "with the addition of the n argument which states the
> size of the buffer referred to by s."  Probably the C standard should be
> clarified.

+1, the C standard wording ought to mirror POSIX here.  FWIW, when built
with fortification, this code will abort prematurely because it
considers passed size being greater than the buffer size as being unsafe.

Thanks,
Sid
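
The fortification check mentioned in the message above, modelled as an added C example that is not part of the original thread and is not glibc's code. fortified_snprintf, FORTIFIED_SNPRINTF and REJECTED are hypothetical names; a real fortified build routes the call to __snprintf_chk and aborts where this model returns REJECTED.

```c
/* Added illustration: models the size check a fortified build applies to
   snprintf.  All names defined here are hypothetical, not glibc's.  */
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

#define REJECTED (-2)   /* constructed stand-in for the fortify abort */

/* objsize: compiler-known size of the object BUF points into, or
   (size_t) -1 when unknown.  n: the size the caller claims for BUF.  */
int
fortified_snprintf (char *buf, size_t objsize, size_t n, const char *fmt, ...)
{
  /* The claim is checked before any formatting happens, so a call whose
     output would have fit is still refused.  */
  if (n > objsize)
    return REJECTED;

  va_list ap;
  va_start (ap, fmt);
  int ret = vsnprintf (buf, n, fmt, ap);
  va_end (ap);
  return ret;
}

/* Supplies the object size the way a fortified header would.  */
#define FORTIFIED_SNPRINTF(buf, n, ...) \
  fortified_snprintf ((buf), __builtin_object_size ((buf), 1), (n), __VA_ARGS__)

int
main (void)
{
  char small[8];

  /* "hi" fits in 8 bytes, but the claimed size 64 exceeds the object.  */
  int bad = FORTIFIED_SNPRINTF (small, 64, "%s", "hi");
  /* Claimed size matches the object: ordinary truncating snprintf.  */
  int ok = FORTIFIED_SNPRINTF (small, sizeof small, "%s", "0123456789");

  printf ("oversized n -> %d, exact n -> %d, buf=\"%s\"\n", bad, ok, small);
  return 0;
}
```

When the object size is unknown ((size_t) -1) the comparison can never fail, so the check only fires where the compiler can see the destination object.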