From: Siddhesh Poyarekar
To: Paul Eggert
Cc: Jakub Jelinek, libc-alpha@sourceware.org, Andreas Schwab, Florian Weimer, Thomas Dickey
Subject: Re: [RFC] _FORTIFY_SOURCE strictness
Date: Mon, 11 Apr 2022 13:32:38 +0530

On 09/04/2022 02:37, Paul Eggert wrote:
> On 4/7/22 23:02, Siddhesh Poyarekar wrote:
>> Hmm, I think I conflated it with some other str* function.
>> You're right, strncpy probably doesn't fall into this category.
>
> Ouch, I made the same mistake.
>
> As for wcrtomb, unfortunately the standard's wording appears to allow
> you to pass an output buffer smaller than MB_CUR_MAX if you know that
> the multibyte character will fit into the smaller buffer. So I guess
> this is an example of a function where __FORTIFY_LEVEL > 2 doesn't
> conform to the standard.
>
> I don't know whether the standard's authors intended this.
>

Thomas (in cc, he maintains ncurses) found that the manual documents[1]
the fact that the glibc implementation of wcrtomb assumes the
destination buffer to have at least MB_CUR_MAX bytes, so this looks more
like a situation where we *deliberately* deviate from the standard.

If we decide to comply with the standard now we would incur an
additional copy from an internal buffer to the destination in addition
to wrappers to pass the object size from the checking variant whenever
available. The question then is whether that's the direction we want to
take in glibc.

Siddhesh

[1] https://www.gnu.org/software/libc/manual/html_node/Converting-a-Character.html
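
Added example, not part of the original message and not glibc code: a caller-side version of the extra copy discussed above, for callers whose destination is smaller than MB_CUR_MAX. The helper name bounded_wcrtomb is hypothetical, and it assumes ps is non-NULL.

```c
#include <errno.h>
#include <limits.h>
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Hypothetical helper (not a glibc function): convert WC into DST, which
   holds DSTSIZE bytes and may be smaller than MB_CUR_MAX.  wcrtomb only
   ever writes into a scratch buffer that satisfies the documented glibc
   assumption; the result is copied out only if it fits.  */
size_t
bounded_wcrtomb (char *dst, size_t dstsize, wchar_t wc, mbstate_t *ps)
{
  char tmp[MB_LEN_MAX];          /* MB_LEN_MAX >= MB_CUR_MAX in any locale */
  mbstate_t saved = *ps;         /* restore the state if nothing is written */

  size_t n = wcrtomb (tmp, wc, ps);
  if (n == (size_t) -1)
    return n;                    /* conversion error, errno set by wcrtomb */
  if (n > dstsize)
    {
      *ps = saved;
      errno = ERANGE;            /* assumption: report "too small" this way */
      return (size_t) -1;
    }
  memcpy (dst, tmp, n);
  return n;
}

int
main (void)
{
  mbstate_t st;
  char one[1];                   /* deliberately smaller than MB_CUR_MAX */

  setlocale (LC_ALL, "");
  memset (&st, 0, sizeof st);
  size_t n = bounded_wcrtomb (one, sizeof one, L'A', &st);
  printf ("MB_CUR_MAX=%zu, wrote %zu byte(s)\n", (size_t) MB_CUR_MAX, n);
  return n == 1 ? 0 : 1;
}
```
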