From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <libc-alpha-return-106449-listarch-libc-alpha=sources.redhat.com@sourceware.org>
Received: (qmail 87102 invoked by alias); 30 Oct 2019 10:55:40 -0000
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: libc-alpha-owner@sourceware.org
Received: (qmail 87094 invoked by uid 89); 30 Oct 2019 10:55:39 -0000
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-6.0 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.1 spammy=HTo:U*schwab, H*f:sk:mvmd0ee, H*i:sk:mvmd0ee, HX-Languages-Length:839
X-HELO: us-smtp-1.mimecast.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1572432937;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=yDbKtlEEESM9yxRxn/zmFyeH6QQMtJ4dCS6kQOY1YNI=;
	b=jH9H7OVTNjgDIPLkw4r8Ti1/zjMZSApGwHCAf/QkfrgfLNwczbHoRe/rL3eijFwP3Sl3eG
	yhT/VxvF5VYuOfUMvwENhWc4m0SfbtEM62ey2bojJC6J3jhZH9E8Nc6AaiV5+QcOjZLLn1
	NS3XF32SJiDATSjsEKC9CknQ3Yew00s=
From: Florian Weimer <fweimer@redhat.com>
To: Andreas Schwab <schwab@suse.de>
Cc: libc-alpha@sourceware.org
Subject: Re: [review] manual: Clarify strnlen, wcsnlen, strndup null termination behavior
References: <gerrit.1572431114000.Ia3e68bc2d4d7e967df141702fb2f600cbd4a6432@gnutoolchain-gerrit.osci.io>
	<gerrit.1572431114000.Ia3e68bc2d4d7e967df141702fb2f600cbd4a6432@gnutoolchain-gerrit.osci.io>
	<mvmd0eeh5sb.fsf@suse.de>
Date: Wed, 30 Oct 2019 10:55:00 -0000
In-Reply-To: <mvmd0eeh5sb.fsf@suse.de> (Andreas Schwab's message of "Wed, 30
	Oct 2019 11:44:04 +0100")
Message-ID: <87a79i33kt.fsf@oldenburg2.str.redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-SW-Source: 2019-10/txt/msg00912.txt.bz2

* Andreas Schwab:

> On Okt 30 2019, Florian Weimer (Code Review) wrote:
>
>> +Note that @var{s} must be an array of at least @var{maxlen} bytes.  It
>> +is undefined to call @code{strnlen} on a shorter array, even if it is
>> +known that the shorter array contains a null terminator.
>
> This is not true.  strnlen _always_ stops before the null byte.

This is not how it is specified in POSIX.

Our generic implementation of strnlen performs out-of-bounds pointer
arithmetic in that case, and it looks really iffy:

  const char *char_ptr, *end_ptr =3D str + maxlen;
=E2=80=A6
  if (__glibc_unlikely (end_ptr < str))
    end_ptr =3D (const char *) ~0UL;

GCC does the right thing on x86-64, I think, but that's far from
guaranteed.

And what about wcsnlen?

Thanks,
Florian