From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=BIxa=AL=redhat.com=fweimer@sourceware.org>
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	by sourceware.org (Postfix) with ESMTPS id E33663858D37
	for <libc-alpha@sourceware.org>; Thu, 20 Apr 2023 10:55:37 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org E33663858D37
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1681988137;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=z/Q6CfWyHaWFMrIocuGwhF3ydbSsxIyE1mZ4D7QKDYA=;
	b=evAyc9ZOkFqLGsfvexDpbINfPIwsww3eYjvR5RFKQn2bjeSmMBDbzyz4MU+tqjFnfehcUn
	/W+eByYUu3ypRk6iQTTb4lvh+RNiv1TQpIQD44x4oaX7qkvdd2mOtUM2/poMk9deSCXviT
	vcEh6m26tLPhfarI2Y+YoD6v9LF3cAg=
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-250-QRMnAQ4JMoymCyNv4RqQBg-1; Thu, 20 Apr 2023 06:55:34 -0400
X-MC-Unique: QRMnAQ4JMoymCyNv4RqQBg-1
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 42220185A791;
	Thu, 20 Apr 2023 10:55:34 +0000 (UTC)
Received: from oldenburg.str.redhat.com (unknown [10.2.16.5])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id B044B2166B33;
	Thu, 20 Apr 2023 10:55:33 +0000 (UTC)
From: Florian Weimer <fweimer@redhat.com>
To: Siddhesh Poyarekar <siddhesh@gotplt.org>
Cc: libc-alpha@sourceware.org
Subject: Re: [PATCH 1/2] Implement strlcpy and strlcat [BZ #178]
References: <cover.1680693362.git.fweimer@redhat.com>
	<f2b8dcd6c84557b79f1398c0ca3e55d0f3b10584.1680693362.git.fweimer@redhat.com>
	<c94c260d-5ac5-04f4-20b8-8af31cd0e5e7@gotplt.org>
Date: Thu, 20 Apr 2023 12:55:32 +0200
In-Reply-To: <c94c260d-5ac5-04f4-20b8-8af31cd0e5e7@gotplt.org> (Siddhesh
	Poyarekar's message of "Thu, 6 Apr 2023 10:22:55 -0400")
Message-ID: <87ildqesbf.fsf@oldenburg.str.redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.6
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain
X-Spam-Status: No, score=-4.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <libc-alpha.sourceware.org>

* Siddhesh Poyarekar:

>> index 673cfd7272..0c78ad2539 100644
>> --- a/include/string.h
>> +++ b/include/string.h
>> @@ -88,6 +88,10 @@ libc_hidden_proto (__stpcpy)
>>   # define __stpcpy(dest, src) __builtin_stpcpy (dest, src)
>>   #endif
>>   libc_hidden_proto (__stpncpy)
>> +extern __typeof (strlcpy) __strlcpy;
>> +libc_hidden_proto (__strlcpy)
>> +extern __typeof (strlcat) __strlcat;
>> +libc_hidden_proto (__strlcat)
>>   libc_hidden_proto (__rawmemchr)
>>   libc_hidden_proto (__strcasecmp)
>>   libc_hidden_proto (__strcasecmp_l)
>
> Do we want to delay doing this until we have an actual internal use of
> these interfaces?

The *_chk functions need these aliases today.

>> +__fortify_function size_t
>> +__NTH (strlcat (char *__restrict __dest, const char *__restrict __src,
>> +		size_t __n))
>> +{
>> +  if (__glibc_objsize (__dest) != (size_t) -1
>> +      && (!__builtin_constant_p (__n > __glibc_objsize (__dest))
>> +	  || __n > __glibc_objsize (__dest)))
>> +    return __strlcat_chk (__dest, __src, __n, __glibc_objsize (__dest));
>> +  return __strlcat_alias (__dest, __src, __n);
>> +}
>> +#endif /* __USE_MISC */
>> +
>
> Couldn't we use the __glibc_fortify macros here?

Do you have a concrete proposal?  I was just following what we have for
stpncpy and other functions.

I don't think it's possible to use the generic macros for
wcslcpy/wcslcat because of the bytes vs wide characters distinction.

>> +size_t
>> +__strlcpy (char *__restrict dest, const char *__restrict src, size_t size)
>> +{
>> +  size_t src_length = strlen (src);
>> +
>> +  if (__glibc_unlikely (src_length >= size))
>> +    {
>> +      if (size > 0)
>> +	{
>> +	  /* Copy the leading portion of the string.  The last
>> +	     character is subsequently overwritten with the NUL
>> +	     terminator, but the destination size is usually a
>> +	     multiple of a small power of two, so writing it twice
>> +	     should be more efficient than copying an odd number of
>> +	     bytes.  */
>> +	  memcpy (dest, src, size);
>> +	  dest[size - 1] = '\0';
>> +	}
>> +    }
>> +  else
>> +    /* Copy the string and its terminating NUL character.  */
>> +    memcpy (dest, src, src_length + 1);
>
> size == 0 is undefined anyway; we return without touching the dest
> because that's convenient for us.  OK.

size == 0 is defined in OpenBSD via snprintf equivalence, but maybe
that's over-interpreting the manual page.

Thanks,
Florian