From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/4445 Path: news.gmane.org!not-for-mail From: Raphael Cohn Newsgroups: gmane.linux.lib.musl.general Subject: Re: musl & strndupa? Date: Wed, 1 Jan 2014 20:07:07 +0000 Message-ID: References: <20140101195411.GP24286@brightrain.aerifal.cx> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: multipart/alternative; boundary=001a11334474ab9c0f04eeee38ec X-Trace: ger.gmane.org 1388606837 21034 80.91.229.3 (1 Jan 2014 20:07:17 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 1 Jan 2014 20:07:17 +0000 (UTC) To: musl@lists.openwall.com Original-X-From: musl-return-4449-gllmg-musl=m.gmane.org@lists.openwall.com Wed Jan 01 21:07:25 2014 Return-path: Envelope-to: gllmg-musl@plane.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by plane.gmane.org with smtp (Exim 4.69) (envelope-from ) id 1VyS4a-0007WU-E3 for gllmg-musl@plane.gmane.org; Wed, 01 Jan 2014 21:07:24 +0100 Original-Received: (qmail 19852 invoked by uid 550); 1 Jan 2014 20:07:21 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Original-Received: (qmail 19841 invoked from network); 1 Jan 2014 20:07:20 -0000 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=G2MHfOINNC4tXr18n2LSflcsY2c10VRc+jELvJyhztg=; b=czWa63jGZDAzuGl6mnFJVRYUvh2j5lvZmZ1q2wbyv1JmSA8+Zfvx5o2V7CXknEO+9s KDbuWjILCHM5HSNfsRSJ88qe4Ye/vimkJ0a634i9WNyOu/dr8LnAz8PRdzsKJDA+XJ+P IH44Tw//DnMht8frbgq45B8qlIVE5UgmS3N8+et+wxpqP6DY0OZD2XsMh6DqWHeM1Gsy PfP9N0wuBXjZLrpdzM80pbzlYfcELT/SH28GxQB4PiVN/SzVpdVw8uzVITPVmxUSSOeW ZZzsqvY2ZtcXnXjNQ8i9Rh+zZlNkuZtUu4M+4zvkupXvIrnDpSm11eXT3QKl9rJvY930 nx7A== X-Gm-Message-State: ALoCoQltaHsuUPG+553vV5Vw+Um47oir0q+fVvm+QkZ4MxAQl0EkrNXUHmpq+Vu8ahcpH8u6Rq1D X-Received: by 10.60.43.193 with SMTP id y1mr52941833oel.15.1388606827233; Wed, 01 Jan 2014 12:07:07 -0800 (PST) X-Originating-IP: [2001:8b0:862:b944:4124:b77b:3c6f:cb27] In-Reply-To: <20140101195411.GP24286@brightrain.aerifal.cx> Xref: news.gmane.org gmane.linux.lib.musl.general:4445 Archived-At: --001a11334474ab9c0f04eeee38ec Content-Type: text/plain; charset=UTF-8 Rich, Thank you for the extremely informative and quick response! I suspect in the small, understandable places that use this function in this package it should be possible to avoid multiple evaluations (well, at least for this version of the code; no g'tee that would hold). Out of interest, I presume there's no guarantee that alloca is aligned? It's not a feature I've ever used - it seems like a micro-optimisation for tight loops that should be made as part of a decision by a higher-level language (eg Vala, which, as I understand, doesn't). BTW, This package has a few more issues than just musl ones... it doesn't understand cross-compilation for starters, makes insane use of code generation (always a big smell in my book, especially when done using a compiled language). Looks like it suffers from not enough peer review / usage... Raphael Cohn Chief Architect, stormmq Co-Chair, OASIS MQTT Standard Secretary, OASIS AMQP Standard raphael.cohn@stormmq.com +44 7590 675 756 UK Office: Hamblethorpe Farm, Crag Lane, Bradley BD20 9DB, North Yorkshire, United Kingdom Telephone: +44 845 3712 567 Registered office: 16 Anchor Street, Chelmsford, Essex, CM2 0JY, United Kingdom StormMQ Limited is Registered in England and Wales under Company Number 07175657 StormMQ.com On 1 January 2014 19:54, Rich Felker wrote: > On Wed, Jan 01, 2014 at 07:42:47PM +0000, Raphael Cohn wrote: > > Hi, > > > > I'm trying to compile 'audit' (aka libaudit, auditd, etc - from > > http://people.redhat.com/sgrubb/audit/index.html version 2.3.2). Using > musl > > 0.9.14. > > > > The file 'src/ausearch-lol.c' uses a reference to 'strndupa', which I > > presume is an alloca version of strndup, and presumably a _GNU_SOURCE > > feature. I can't seem to see a definition for it in musl, although > strdupa > > exists in string.h (Indeed, http://linux.die.net/man/3/strdup suggests > as > > much). > > > > Is this intentional? If so, what would anyone suggest as a work around? > My > > guess would be #define strndupa(x, t) strncpy(alloca(strlen(x)+1),x,t) > > but I'd like a second opinion... > > That's roughly the way to do it, but you need strnlen, not strlen, and > there are various other details like properly parenthesizing macro > arguments. In addition, there's no way to avoid multiple-evaluations > of arguments unless you use the GNU C statement-expressions extension. > > It should be noted that almost any use of alloca is either a bug > (potentially exploitable stack overflow) or useless (because the size > is bounded and thus could/should just be replaced by a fixed-size > array). This is the main reason I've been hesitant to go to the > trouble of providing this and dealing with the multiple-evaluation or > #ifdef __GNUC__ issue -- really, any software using alloca (and by > extension, strdupa or strndupa) should be fixed. > > Rich > --001a11334474ab9c0f04eeee38ec Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Rich,

Thank you for the extremely informative = and quick response! I suspect in the small, understandable places that use = this function in this package it should be possible to avoid multiple evalu= ations (well, at least for this version of the code; no g'tee that woul= d hold).

Out of interest, I presume there's no guarantee that alloca i= s aligned? It's not a feature I've ever used - it seems like a micr= o-optimisation for tight loops that should be made as part of a decision by= a higher-level language (eg Vala, which, as I understand, doesn't).

BTW, This package has a few more issues than just musl ones... it = doesn't understand cross-compilation for starters, makes insane use of = code generation (always a big smell in my book, especially when done using = a compiled language). Looks like it suffers from not enough peer review / u= sage...

Raphael Cohn<= br>Chief Architect, stormmq
Co-Chair, OASIS MQTT Standard
Secre= tary, OASIS AMQP Standard
raphael.cohn@stormmq.com
+44 7590 675 756

UK Office:
Hamblethorpe Farm, Crag = Lane, Bradley BD20 9DB, North Yorkshire, United Kingdom
Telephone: +44 8= 45 3712 567

Registered office:
16 Anchor Street, Chelmsford, Essex, CM2 0JY, U= nited Kingdom
StormMQ Limited is Registered in England and Wales under Company Number 071= 75657
StormMQ.com


On 1 January 2014 19:54, Rich Felker <d= alias@aerifal.cx> wrote:
On Wed, Jan 01, 2014 at 07:42:47PM = +0000, Raphael Cohn wrote:
> Hi,
>
> I'm trying to compile 'audit' (aka libaudit, auditd, etc -= from
> http://people.redhat.com/sgrubb/audit/index.html version 2.3.2= ). Using musl
> 0.9.14.
>
> The file 'src/ausearch-lol.c' uses a reference to 'strndup= a', which I
> presume is an alloca version of strndup, and presumably a _GNU_SOURCE<= br> > feature. I can't seem to see a definition for it in musl, although= strdupa
> exists in string.h (Indeed, http://linux.die.net/man/3/strdup suggests as
> much).
>
> Is this intentional? If so, what would anyone suggest as a work around= ? My
> guess would be =C2=A0#define strndupa(x, t) strncpy(alloca(strlen(x)+1= ),x,t)
> but I'd like a second opinion...

That's roughly the way to do it, but you need strnlen, not = strlen, and
there are various other details like properly parenthesizing macro
arguments. In addition, there's no way to avoid multiple-evaluations of arguments unless you use the GNU C statement-expressions extension.

It should be noted that almost any use of alloca is either a bug
(potentially exploitable stack overflow) or useless (because the size
is bounded and thus could/should just be replaced by a fixed-size
array). This is the main reason I've been hesitant to go to the
trouble of providing this and dealing with the multiple-evaluation or
#ifdef __GNUC__ issue -- really, any software using alloca (and by
extension, strdupa or strndupa) should be fixed.

Rich

--001a11334474ab9c0f04eeee38ec--