From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/10402
Path: news.gmane.org!.POSTED!not-for-mail
From: Rich Felker <dalias@libc.org>
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: [PATCH] fix strdupa evaulating expression twice
Date: Sun, 28 Aug 2016 11:08:16 -0400
Message-ID: <20160828150816.GF15995@brightrain.aerifal.cx>
References: <CADtAWjDn6K+rt=WcgeB1qqA06_DUo2QXY2-x-QLztw1ixkHOtw@mail.gmail.com>
Reply-To: musl@lists.openwall.com
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: blaine.gmane.org 1472396917 18031 195.159.176.226 (28 Aug 2016 15:08:37 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Sun, 28 Aug 2016 15:08:37 +0000 (UTC)
User-Agent: Mutt/1.5.21 (2010-09-15)
To: musl@lists.openwall.com
Original-X-From: musl-return-10415-gllmg-musl=m.gmane.org@lists.openwall.com Sun Aug 28 17:08:34 2016
Return-path: <musl-return-10415-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@m.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by blaine.gmane.org with smtp (Exim 4.84_2)
	(envelope-from <musl-return-10415-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1be1hG-00048F-Ls
	for gllmg-musl@m.gmane.org; Sun, 28 Aug 2016 17:08:30 +0200
Original-Received: (qmail 5727 invoked by uid 550); 28 Aug 2016 15:08:29 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Original-Received: (qmail 5709 invoked from network); 28 Aug 2016 15:08:29 -0000
Content-Disposition: inline
In-Reply-To: <CADtAWjDn6K+rt=WcgeB1qqA06_DUo2QXY2-x-QLztw1ixkHOtw@mail.gmail.com>
Original-Sender: Rich Felker <dalias@aerifal.cx>
Xref: news.gmane.org gmane.linux.lib.musl.general:10402
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/10402>

On Sun, Aug 28, 2016 at 10:59:26AM +0000, Noam Meltzer wrote:
> 

> From bf23b7b8fd39eaca6a05173eaf543e1bce3319ab Mon Sep 17 00:00:00 2001
> From: Noam Meltzer <tsnoam@gmail.com>
> Date: Sun, 28 Aug 2016 13:53:24 +0300
> Subject: [PATCH] fix strdupa evaulating expression twice
> 
> calling strdupa with va_arg as its expression caused unexpected
> behaviour. now the expression is evaulated only once.
> ---
>  include/string.h | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/include/string.h b/include/string.h
> index ff9badb..976faaf 100644
> --- a/include/string.h
> +++ b/include/string.h
> @@ -85,7 +85,10 @@ size_t strlcpy (char *, const char *, size_t);
>  #endif
>  
>  #ifdef _GNU_SOURCE
> -#define	strdupa(x)	strcpy(alloca(strlen(x)+1),x)
> +#define	strdupa(x) (__extension__ ({ \
> +		const char *__xval = x; \
> +		strcpy(alloca(strlen(__xval)+1),__xval); \
> +	}))
>  int strverscmp (const char *, const char *);
>  int strcasecmp_l (const char *, const char *, locale_t);
>  int strncasecmp_l (const char *, const char *, size_t, locale_t);

The intent of the form as written is to be actual C (modulo use of
alloca) rather than "GNU C". Aside from that, strdupa is essentially
always-unsafe and should probably be removed or at least made into a
warning...

Rich