From: Rich Felker <dalias@libc.org>
To: Jens Gustedt <Jens.Gustedt@inria.fr>
Cc: musl@lists.openwall.com
Subject: Re: [musl] [C23 new stdlib 3/4] C23: implement the new strfrom[dfl] functions
Date: Wed, 24 May 2023 17:42:38 -0400 [thread overview]
Message-ID: <20230524214238.GE4163@brightrain.aerifal.cx> (raw)
In-Reply-To: <e27bd34041b55e888d091bdeb65ab95c31f0b0cb.1684932892.git.Jens.Gustedt@inria.fr>
On Wed, May 24, 2023 at 09:38:53PM +0200, Jens Gustedt wrote:
> These names had been reserved in C17, so it is not necessary to hide
> these function in conditionals or to make the symbols weak.
> ---
> include/stdlib.h | 4 ++++
> src/stdlib/strfromd.c | 21 +++++++++++++++++++++
> 2 files changed, 25 insertions(+)
> create mode 100644 src/stdlib/strfromd.c
>
> diff --git a/include/stdlib.h b/include/stdlib.h
> index 68993c04..43173e95 100644
> --- a/include/stdlib.h
> +++ b/include/stdlib.h
> @@ -29,6 +29,10 @@ float strtof (const char *__restrict, char **__restrict);
> double strtod (const char *__restrict, char **__restrict);
> long double strtold (const char *__restrict, char **__restrict);
>
> +int strfromd(char *restrict, size_t, const char *restrict, double);
> +int strfromf(char *restrict, size_t, const char *restrict, float);
> +int strfroml(char *restrict, size_t, const char *restrict, long double);
> +
> long strtol (const char *__restrict, char **__restrict, int);
> unsigned long strtoul (const char *__restrict, char **__restrict, int);
> long long strtoll (const char *__restrict, char **__restrict, int);
> diff --git a/src/stdlib/strfromd.c b/src/stdlib/strfromd.c
> new file mode 100644
> index 00000000..c04a1d82
> --- /dev/null
> +++ b/src/stdlib/strfromd.c
> @@ -0,0 +1,21 @@
> +#include <stdlib.h>
> +#include <stdio.h>
> +#include <string.h>
> +
> +int strfromd(char *restrict s, size_t n, const char *restrict format, double fp) {
> + return snprintf(s, n, format, fp);
> +}
> +
> +int strfromf(char *restrict s, size_t n, const char *restrict format, float fp) {
> + return snprintf(s, n, format, fp);
> +}
> +
> +int strfroml(char *restrict s, size_t n, const char *restrict format, long double fp) {
> + size_t len = strlen(format);
> + char ff[len+2];
> + memcpy(ff, format, len-1);
> + ff[len-1] = 'L';
> + ff[len] = format[len-1];
> + ff[len+1] = 0;
> + return snprintf(s, n, ff, fp);
> +}
> --
> 2.34.1
The temp buffer of unbounded length is kinda a problem here,
especially if they might be used with untrusted input. This is kinda
sketchy to begin with since, AIUI, the "shall only..." language in the
spec makes it UB to pass a format that's not valid, but one could
imagine a program correctly validating formats with a regex like
/%([.][0-9]*)?[aAeEfFgG]/ but not imposing a length limit.
The safe thing to do would probably be stripping leading zeros and
then substituting "9999999999" or something if there are more than 10
digits remaining. For width (not supported here) this would
necessarily cause EOVERFLOW, but for precision, it might not. In any
case, then the entire format fits in a small fixed-length buffer and
has no risk of stack smashing.
Rich
next prev parent reply other threads:[~2023-05-24 21:42 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-24 19:38 [musl] [C23 new stdlib 0/4] changes in stdlib.h Jens Gustedt
2023-05-24 19:38 ` [musl] [C23 new stdlib 1/4] C23: add the new interfaces free_sized and free_aligned_sized for stdlib.h Jens Gustedt
2023-05-24 21:31 ` Rich Felker
2023-05-25 9:38 ` Jₑₙₛ Gustedt
2023-05-25 12:57 ` Rich Felker
2023-05-24 19:38 ` [musl] [C23 new stdlib 2/4] C23: add the memalignment function Jens Gustedt
2023-05-24 21:28 ` Rich Felker
2023-05-24 22:12 ` Rich Felker
2023-05-25 9:17 ` Jₑₙₛ Gustedt
2023-05-25 9:16 ` Jₑₙₛ Gustedt
2023-05-25 9:42 ` NRK
2023-05-25 13:07 ` Rich Felker
2023-05-25 14:05 ` Jₑₙₛ Gustedt
2023-05-25 14:34 ` Rich Felker
2023-05-25 15:22 ` Jₑₙₛ Gustedt
2023-06-01 13:35 ` Alexander Monakov
2023-06-01 19:08 ` Rich Felker
2023-06-02 8:07 ` Jₑₙₛ Gustedt
2023-06-02 8:03 ` Jₑₙₛ Gustedt
2023-06-02 8:37 ` Alexander Monakov
2023-05-24 19:38 ` [musl] [C23 new stdlib 3/4] C23: implement the new strfrom[dfl] functions Jens Gustedt
2023-05-24 21:42 ` Rich Felker [this message]
2023-05-24 19:38 ` [musl] [C23 new stdlib 4/4] C23: add the new include guard to stdlib.h Jens Gustedt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230524214238.GE4163@brightrain.aerifal.cx \
--to=dalias@libc.org \
--cc=Jens.Gustedt@inria.fr \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).