From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wr1-x430.google.com (mail-wr1-x430.google.com [IPv6:2a00:1450:4864:20::430]) by sourceware.org (Postfix) with ESMTPS id D5742385828D for ; Sun, 29 Oct 2023 22:43:52 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D5742385828D Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=jguk.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=jguk.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org D5742385828D Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2a00:1450:4864:20::430 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1698619435; cv=none; b=kCM11EMnVLU/48vs7YA2RbEkUpnYLsVYgjGPPGd5OEbf7xMouUf/6+cRWdrvxgz5zttKIoFOqCVHsTQtzlADJKFShK+TGYNAvZ3PpvvPyIbdn/o+IFnbOeZAxyD/UdOIzt19GiCCgf2b7pyzl4yLHhzX0Gdy+9QnUXlDDhHNFIY= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1698619435; c=relaxed/simple; bh=AEEKNxe69CkrUKnRgThEf2Qjw5yl5dXJ4M+Z/umHDdg=; h=DKIM-Signature:Message-ID:Date:MIME-Version:From:Subject:To; b=NWhTTVavKf3W/rBZTHtt1egoQDBIOtOg8FWXxXfewBcS4YSxSD6bQtfCNpU2WJJv2uDe6wA8arcEVQVrjuf6hD3WC2A9Vw8o08Mj3732SKFiV0I4fRAhE5f1z9rIHQHJGEmqyBWMcHeY+FAhQAEwvCRYVvH/jHDW5mQoX4nahvE= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-wr1-x430.google.com with SMTP id ffacd0b85a97d-32f78d949daso1224578f8f.1 for ; Sun, 29 Oct 2023 15:43:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jguk.org; s=google; t=1698619431; x=1699224231; darn=sourceware.org; h=content-transfer-encoding:in-reply-to:content-language:references :cc:to:subject:from:user-agent:mime-version:date:message-id:from:to :cc:subject:date:message-id:reply-to; bh=vLlkj0DnRJ7ajGkKUQm+bJKe8+AfocmmsfI7jJK8XL0=; b=OMcP5xhesC/rWpz8RZeAzNrKDSD02NU70Mphdrh7ou5kEpsn5hUA8yQ371QFxzh1jS PbHPQ7HXwMWLrF9+HoUWaI1VxQhsS6xTNENTIi380Gga6t4ODSF1ZS8+8XCWc1YsgYae GG91QLy9eI9DQNrmGpgv5ZhzfJad6FtQgCdMeIS5AfY6bPFU11wthwWjeB+kkm8DO9rL YhZJGKH2Pc6Ecwm5/aUgoAW+cYUifB9y5vj6t+5WHA1hXWIe35rDNDS35CyRxnJM18WF de8JHhsjrTvwv5K3vDKItuc68nxTWNsANbXq40s/XhTHYE0h3Warjif4r5IOFuRepeUn DWTg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698619431; x=1699224231; h=content-transfer-encoding:in-reply-to:content-language:references :cc:to:subject:from:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=vLlkj0DnRJ7ajGkKUQm+bJKe8+AfocmmsfI7jJK8XL0=; b=MqBDazAcs3Ebt+Q5ht+zoGxmx/h2hy/a814LFfyr0E+hyy/bLxCJOaR7X53xrYVslO yDCzLvHdRuf6c8LWqUF78euJqBWKL69PdfKKSrF7fFjxeNuWc075xXs4AlMUdso2mo8I cr2iLfXgLYWQyD3+EoDnrcgg9vllxAWyjDV7Ee3av4qY7i7f+e326guWaa3kJFNWxR4a F8K0FuBkG0yrhgVUHChU5wSs3/zVxOjM0wPiKaoYigr+Ie/CoI29EFuReEEtk9/VLgch ThSoN/zKFDLQDMRUU2xiPeixAJ11I1Uc9r84jB9H28hntAN/rahuxAal7PDakl131403 zc7w== X-Gm-Message-State: AOJu0YwasKepE29fSH+M3TTGg+eRx9HzbefSBn7Z+fNzZw3d6dJ469t7 Z2qcy4YHyASQ1mvzak5iicsEtA== X-Google-Smtp-Source: AGHT+IEcDa4ibMlgP2B+YKHGHFF6MHs3XpEEX44nDnFTUn3uf6KEXjK7nHcs7B+N/+oVrOd1Vm801Q== X-Received: by 2002:a05:6000:a8f:b0:32d:a042:3b49 with SMTP id dh15-20020a0560000a8f00b0032da0423b49mr5937758wrb.56.1698619431049; Sun, 29 Oct 2023 15:43:51 -0700 (PDT) Received: from [192.168.0.12] (cpc87345-slou4-2-0-cust172.17-4.cable.virginm.net. [81.101.252.173]) by smtp.gmail.com with ESMTPSA id p1-20020a5d68c1000000b0032db8f7f378sm6783190wrw.71.2023.10.29.15.43.49 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 29 Oct 2023 15:43:49 -0700 (PDT) Message-ID: <984eaee1-251f-4917-91f3-d19b5f8a95bc@jguk.org> Date: Sun, 29 Oct 2023 22:43:48 +0000 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird From: Jonny Grant Subject: Re: glibc misc/sys/cdefs.h nonull - typo in comment To: Paul Eggert Cc: Adhemerval Zanella Netto , GNU C Library , Xi Ruoyao References: <25d0b6fa-7b45-3f8e-946a-ad3256e211a4@jguk.org> <0d99df74-fb83-1647-ca19-17d2229f0ae0@linaro.org> <514c11a4-405b-f7f3-9a67-0b6c10ad7740@jguk.org> <21bc9125ab8ced26aa85f3f787f084c4af460a18.camel@xry111.site> <84e4081c-35ef-4f2d-89d0-0fea04732737@cs.ucla.edu> Content-Language: en-GB In-Reply-To: <84e4081c-35ef-4f2d-89d0-0fea04732737@cs.ucla.edu> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-3.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,KAM_SHORT,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 29/10/2023 05:24, Paul Eggert wrote: > On 2023-10-28 16:50, Jonny Grant wrote: >> Could you give an example of a POSIX API text you refer to that specifies many arguments should not be NULL? > > "If an argument to a function has an invalid value (such as a value outside the domain of the function, or a pointer outside the address space of the program, or a null pointer), the behavior is undefined." > > https://pubs.opengroup.org/onlinepubs/9699919799.2018edition/functions/V2_chap02.html#tag_15_01_01 Thank you for sharing the link. Yes, I've seen that everything not detailed on a particular function description would be UB. glibc does go beyond POSIX and set errno to EFAULT if a null pointer constant is passed. https://man7.org/linux/man-pages/man2/olduname.2.html Although I looked at glibc/posix/uname.c and it has EINVAL there, couldn't spot where the EFAULT comes from, probably there is another file. The POSIX pages don't specify any error checking for uname(). https://man7.org/linux/man-pages/man3/uname.3p.html https://pubs.opengroup.org/onlinepubs/009604599/functions/uname.html It might be too difficult to get behaviors described for the null pointer constant in the POSIX standard for something like uname(). Other functions do check parameters, like the way write() checks fd, and setting errno EBADF if it's not a valid file descriptor. > > This wording is copied from the C Standard. > > > The April 2023 working draft of C23 has adjusted the wording to be the following, and I expect POSIX to follow suit eventually. Notice the new restrictions: > > "If an argument to a function has an invalid value (such as a value outside the domain of the function, or a pointer outside the address space of the program, or a null pointer, or a pointer to non-modifiable storage when the corresponding parameter is not const-qualified) or a type (after default argument promotion) not expected by a function with a variable number of arguments, the behavior is undefined. > > "If a function argument is described as being an array, the pointer actually passed to the function shall have a value such that all address computations and accesses to objects (that would be valid if the pointer did point to the first element of such an array) are in fact valid.[210] > > "[210] This includes, for example, passing a valid pointer that points one-past-the-end of an array along with a size of 0, or using any valid pointer with a size of 0." It is good it is being clarified further.