Re: glibc strerrorname_np

[Jonny Grant <jg@jguk.org>]

Hi Adhemerval, Thank you for you reply.

On 04/11/2021 20:46, Adhemerval Zanella wrote:
> 
> 
> On 04/11/2021 17:23, Jonny Grant wrote:
>> Hi Carlos
>> I was pleased to see you added strerrorname_np()
>>
>> May I ask, I couldn't find the file your implementation is in - could you point it out to me in the glibc repository please?
> 
> It is on string/strerrorname_np.c, which calls __get_errname() defined at
> stdio-common/errlist.c.

Ok yes, I see in glibc/stdio-common/errlist.c the __get_errname() implementation.

>> I noticed on the man page it may return NULL, which is a shame, as then it means we always need to check that before using in every printf etc :-
>>
>> printf("err %s\n", strerrorname_np(myerr)?strerrorname_np(myerr), "Unknown err");
> 
> I didn't considered printf() when I added strerrorname_np(). Maybe an empty string ("")
> would be better than NULL.

Yes, "" empty string sounds great.
 
>> I'd done my own version a while ago as strerrno_s(), and assumed I could never get it accepted anywhere like glibc.
>> Probably I should have tried to submit it to glibc!
>> https://github.com/jonnygrant/safec/blob/master/strerrno.c
>>
>> Would something like my implementation ever be accepted?
>> errno_t strerrno_s(char * const buf, const rsize_t buflen, const errno_t errnum)
> 
> So this is basically:
> 
>   int strerrno_s (char *buf, size_t buflen, int errnum)
>   {
>     const char *r = strerrorname_np (errnum);
>     __snprintf (buf, buflen, "%s", r == NULL ? "" : r);
>     return errnum;
>   }
> 
> I don't see much gain on adding another wrapper to format errno, the idea of
> strerrorname_np() was to provide a async-signal-safe way to map errno to
> string (by avoiding translation).

Yes, I should migrate to your strerrorname_np() version soon. If you could change it to return "" instead of NULL, that would be very much appreciated to avoid any accidental SEGV.

>> Last quick question, do you know why strerror_r() is considered safer than strerror()? I guess someone could trash the memory returned by it?
>>
>> char * errstr = strerror(EINVAL);
>> errstr[0] = '\0';  // trashed the process copy of the string. (or even SEGV it, if it was in some static section of the ELF?)
> 
> It is undefined-behavior when you modify the return value (both C and POSIX
> are explicit about it). On glibc, both strerror() and strerror_l() returns
> the same thread local buffer (so you might modify in a thread-safe manner). 


Thank you
Jonny