From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/4443 Path: news.gmane.org!not-for-mail From: Raphael Cohn Newsgroups: gmane.linux.lib.musl.general Subject: musl & strndupa? Date: Wed, 1 Jan 2014 19:42:47 +0000 Message-ID: Reply-To: musl@lists.openwall.com NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: multipart/alternative; boundary=001a11c1d6a8aa56f004eeede1c3 X-Trace: ger.gmane.org 1388605374 7237 80.91.229.3 (1 Jan 2014 19:42:54 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 1 Jan 2014 19:42:54 +0000 (UTC) To: musl@lists.openwall.com Original-X-From: musl-return-4447-gllmg-musl=m.gmane.org@lists.openwall.com Wed Jan 01 20:43:02 2014 Return-path: Envelope-to: gllmg-musl@plane.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by plane.gmane.org with smtp (Exim 4.69) (envelope-from ) id 1VyRh0-00067Y-0V for gllmg-musl@plane.gmane.org; Wed, 01 Jan 2014 20:43:02 +0100 Original-Received: (qmail 7784 invoked by uid 550); 1 Jan 2014 19:43:00 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Original-Received: (qmail 7773 invoked from network); 1 Jan 2014 19:43:00 -0000 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to :content-type; bh=Fln4PedCtPFcX8j/fNxPFINk6s+lUFIArS0lhoygITw=; b=dgfpKBHsvlyh4Z3KYOXFIfRyhXmzX48E2fVPQ/4e41wozRsoiXH/9SzqToD+ZZTipu aI07JYVNIe9Ew9Ry4mle6JXyQAm6dCtjgcrYgj0p8cnqcpTCbhD5h7aqRD3FGcxaQeVM f6jHGvux5ICTMrU5NoLmdnYzAZOxosG5g+RmFhWDEnpBC8dGy4Czd/0rAjtqdSzBtO7h QKCcwAL2NObQsFuwm2x4wKOP5UlgfINUIYjTq/BpG9ym2tMhIpco36dqfIJlnWY+b2Ug H5SN1u8MzUn/FM8yG9cqqj4KeLNxMeOg0hA10WkI+B2yPoRUazbY8ZpT5qZ2H/VguwRG TcAQ== X-Gm-Message-State: ALoCoQmvTfMXuI+bCh/guA2172P8e5rbjU4FoIMYg+PmA0EWG35ZgBu3JIlPmqjBCMDU26X3XBsD X-Received: by 10.60.65.5 with SMTP id t5mr53076398oes.19.1388605367533; Wed, 01 Jan 2014 11:42:47 -0800 (PST) X-Originating-IP: [2001:8b0:862:b944:4124:b77b:3c6f:cb27] Xref: news.gmane.org gmane.linux.lib.musl.general:4443 Archived-At: --001a11c1d6a8aa56f004eeede1c3 Content-Type: text/plain; charset=UTF-8 Hi, I'm trying to compile 'audit' (aka libaudit, auditd, etc - from http://people.redhat.com/sgrubb/audit/index.html version 2.3.2). Using musl 0.9.14. The file 'src/ausearch-lol.c' uses a reference to 'strndupa', which I presume is an alloca version of strndup, and presumably a _GNU_SOURCE feature. I can't seem to see a definition for it in musl, although strdupa exists in string.h (Indeed, http://linux.die.net/man/3/strdup suggests as much). Is this intentional? If so, what would anyone suggest as a work around? My guess would be #define strndupa(x, t) strncpy(alloca(strlen(x)+1),x,t) but I'd like a second opinion... Raph --001a11c1d6a8aa56f004eeede1c3 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Is this intentional? If so, what would anyone suggest as a work a= round? My guess would be=C2=A0 #define strndupa(x, t) strncpy(alloca(strlen= (x)+1),x,t)=C2=A0 but I'd like a second opinion...
Raph

--001a11c1d6a8aa56f004eeede1c3-- From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/4444 Path: news.gmane.org!not-for-mail From: Rich Felker Newsgroups: gmane.linux.lib.musl.general Subject: Re: musl & strndupa? Date: Wed, 1 Jan 2014 14:54:11 -0500 Message-ID: <20140101195411.GP24286@brightrain.aerifal.cx> References: Reply-To: musl@lists.openwall.com NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: ger.gmane.org 1388606057 14381 80.91.229.3 (1 Jan 2014 19:54:17 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 1 Jan 2014 19:54:17 +0000 (UTC) To: musl@lists.openwall.com Original-X-From: musl-return-4448-gllmg-musl=m.gmane.org@lists.openwall.com Wed Jan 01 20:54:25 2014 Return-path: Envelope-to: gllmg-musl@plane.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by plane.gmane.org with smtp (Exim 4.69) (envelope-from ) id 1VyRs1-0005QS-GA for gllmg-musl@plane.gmane.org; Wed, 01 Jan 2014 20:54:25 +0100 Original-Received: (qmail 14269 invoked by uid 550); 1 Jan 2014 19:54:24 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Original-Received: (qmail 14261 invoked from network); 1 Jan 2014 19:54:24 -0000 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Xref: news.gmane.org gmane.linux.lib.musl.general:4444 Archived-At: On Wed, Jan 01, 2014 at 07:42:47PM +0000, Raphael Cohn wrote: > Hi, > > I'm trying to compile 'audit' (aka libaudit, auditd, etc - from > http://people.redhat.com/sgrubb/audit/index.html version 2.3.2). Using musl > 0.9.14. > > The file 'src/ausearch-lol.c' uses a reference to 'strndupa', which I > presume is an alloca version of strndup, and presumably a _GNU_SOURCE > feature. I can't seem to see a definition for it in musl, although strdupa > exists in string.h (Indeed, http://linux.die.net/man/3/strdup suggests as > much). > > Is this intentional? If so, what would anyone suggest as a work around? My > guess would be #define strndupa(x, t) strncpy(alloca(strlen(x)+1),x,t) > but I'd like a second opinion... That's roughly the way to do it, but you need strnlen, not strlen, and there are various other details like properly parenthesizing macro arguments. In addition, there's no way to avoid multiple-evaluations of arguments unless you use the GNU C statement-expressions extension. It should be noted that almost any use of alloca is either a bug (potentially exploitable stack overflow) or useless (because the size is bounded and thus could/should just be replaced by a fixed-size array). This is the main reason I've been hesitant to go to the trouble of providing this and dealing with the multiple-evaluation or #ifdef __GNUC__ issue -- really, any software using alloca (and by extension, strdupa or strndupa) should be fixed. Rich From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/4445 Path: news.gmane.org!not-for-mail From: Raphael Cohn Newsgroups: gmane.linux.lib.musl.general Subject: Re: musl & strndupa? Date: Wed, 1 Jan 2014 20:07:07 +0000 Message-ID: References: <20140101195411.GP24286@brightrain.aerifal.cx> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: multipart/alternative; boundary=001a11334474ab9c0f04eeee38ec X-Trace: ger.gmane.org 1388606837 21034 80.91.229.3 (1 Jan 2014 20:07:17 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 1 Jan 2014 20:07:17 +0000 (UTC) To: musl@lists.openwall.com Original-X-From: musl-return-4449-gllmg-musl=m.gmane.org@lists.openwall.com Wed Jan 01 21:07:25 2014 Return-path: Envelope-to: gllmg-musl@plane.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by plane.gmane.org with smtp (Exim 4.69) (envelope-from ) id 1VyS4a-0007WU-E3 for gllmg-musl@plane.gmane.org; Wed, 01 Jan 2014 21:07:24 +0100 Original-Received: (qmail 19852 invoked by uid 550); 1 Jan 2014 20:07:21 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Original-Received: (qmail 19841 invoked from network); 1 Jan 2014 20:07:20 -0000 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=G2MHfOINNC4tXr18n2LSflcsY2c10VRc+jELvJyhztg=; b=czWa63jGZDAzuGl6mnFJVRYUvh2j5lvZmZ1q2wbyv1JmSA8+Zfvx5o2V7CXknEO+9s KDbuWjILCHM5HSNfsRSJ88qe4Ye/vimkJ0a634i9WNyOu/dr8LnAz8PRdzsKJDA+XJ+P IH44Tw//DnMht8frbgq45B8qlIVE5UgmS3N8+et+wxpqP6DY0OZD2XsMh6DqWHeM1Gsy PfP9N0wuBXjZLrpdzM80pbzlYfcELT/SH28GxQB4PiVN/SzVpdVw8uzVITPVmxUSSOeW ZZzsqvY2ZtcXnXjNQ8i9Rh+zZlNkuZtUu4M+4zvkupXvIrnDpSm11eXT3QKl9rJvY930 nx7A== X-Gm-Message-State: ALoCoQltaHsuUPG+553vV5Vw+Um47oir0q+fVvm+QkZ4MxAQl0EkrNXUHmpq+Vu8ahcpH8u6Rq1D X-Received: by 10.60.43.193 with SMTP id y1mr52941833oel.15.1388606827233; Wed, 01 Jan 2014 12:07:07 -0800 (PST) X-Originating-IP: [2001:8b0:862:b944:4124:b77b:3c6f:cb27] In-Reply-To: <20140101195411.GP24286@brightrain.aerifal.cx> Xref: news.gmane.org gmane.linux.lib.musl.general:4445 Archived-At: --001a11334474ab9c0f04eeee38ec Content-Type: text/plain; charset=UTF-8 Rich, Thank you for the extremely informative and quick response! I suspect in the small, understandable places that use this function in this package it should be possible to avoid multiple evaluations (well, at least for this version of the code; no g'tee that would hold). Out of interest, I presume there's no guarantee that alloca is aligned? It's not a feature I've ever used - it seems like a micro-optimisation for tight loops that should be made as part of a decision by a higher-level language (eg Vala, which, as I understand, doesn't). BTW, This package has a few more issues than just musl ones... it doesn't understand cross-compilation for starters, makes insane use of code generation (always a big smell in my book, especially when done using a compiled language). Looks like it suffers from not enough peer review / usage... Raphael Cohn Chief Architect, stormmq Co-Chair, OASIS MQTT Standard Secretary, OASIS AMQP Standard raphael.cohn@stormmq.com +44 7590 675 756 UK Office: Hamblethorpe Farm, Crag Lane, Bradley BD20 9DB, North Yorkshire, United Kingdom Telephone: +44 845 3712 567 Registered office: 16 Anchor Street, Chelmsford, Essex, CM2 0JY, United Kingdom StormMQ Limited is Registered in England and Wales under Company Number 07175657 StormMQ.com On 1 January 2014 19:54, Rich Felker wrote: > On Wed, Jan 01, 2014 at 07:42:47PM +0000, Raphael Cohn wrote: > > Hi, > > > > I'm trying to compile 'audit' (aka libaudit, auditd, etc - from > > http://people.redhat.com/sgrubb/audit/index.html version 2.3.2). Using > musl > > 0.9.14. > > > > The file 'src/ausearch-lol.c' uses a reference to 'strndupa', which I > > presume is an alloca version of strndup, and presumably a _GNU_SOURCE > > feature. I can't seem to see a definition for it in musl, although > strdupa > > exists in string.h (Indeed, http://linux.die.net/man/3/strdup suggests > as > > much). > > > > Is this intentional? If so, what would anyone suggest as a work around? > My > > guess would be #define strndupa(x, t) strncpy(alloca(strlen(x)+1),x,t) > > but I'd like a second opinion... > > That's roughly the way to do it, but you need strnlen, not strlen, and > there are various other details like properly parenthesizing macro > arguments. In addition, there's no way to avoid multiple-evaluations > of arguments unless you use the GNU C statement-expressions extension. > > It should be noted that almost any use of alloca is either a bug > (potentially exploitable stack overflow) or useless (because the size > is bounded and thus could/should just be replaced by a fixed-size > array). This is the main reason I've been hesitant to go to the > trouble of providing this and dealing with the multiple-evaluation or > #ifdef __GNUC__ issue -- really, any software using alloca (and by > extension, strdupa or strndupa) should be fixed. > > Rich > --001a11334474ab9c0f04eeee38ec Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Rich,

Thank you for the extremely informative = and quick response! I suspect in the small, understandable places that use = this function in this package it should be possible to avoid multiple evalu= ations (well, at least for this version of the code; no g'tee that woul= d hold).

Out of interest, I presume there's no guarantee that alloca i= s aligned? It's not a feature I've ever used - it seems like a micr= o-optimisation for tight loops that should be made as part of a decision by= a higher-level language (eg Vala, which, as I understand, doesn't).

BTW, This package has a few more issues than just musl ones... it = doesn't understand cross-compilation for starters, makes insane use of = code generation (always a big smell in my book, especially when done using = a compiled language). Looks like it suffers from not enough peer review / u= sage...

Raphael Cohn<= br>Chief Architect, stormmq
Co-Chair, OASIS MQTT Standard
Secre= tary, OASIS AMQP Standard
raphael.cohn@stormmq.com
+44 7590 675 756

UK Office:
Hamblethorpe Farm, Crag = Lane, Bradley BD20 9DB, North Yorkshire, United Kingdom
Telephone: +44 8= 45 3712 567

Registered office:
16 Anchor Street, Chelmsford, Essex, CM2 0JY, U= nited Kingdom
StormMQ Limited is Registered in England and Wales under Company Number 071= 75657
StormMQ.com


On 1 January 2014 19:54, Rich Felker <d= alias@aerifal.cx> wrote:
On Wed, Jan 01, 2014 at 07:42:47PM = +0000, Raphael Cohn wrote:
> Hi,
>
> I'm trying to compile 'audit' (aka libaudit, auditd, etc -= from
> http://people.redhat.com/sgrubb/audit/index.html version 2.3.2= ). Using musl
> 0.9.14.
>
> The file 'src/ausearch-lol.c' uses a reference to 'strndup= a', which I
> presume is an alloca version of strndup, and presumably a _GNU_SOURCE<= br> > feature. I can't seem to see a definition for it in musl, although= strdupa
> exists in string.h (Indeed, http://linux.die.net/man/3/strdup suggests as
> much).
>
> Is this intentional? If so, what would anyone suggest as a work around= ? My
> guess would be =C2=A0#define strndupa(x, t) strncpy(alloca(strlen(x)+1= ),x,t)
> but I'd like a second opinion...

That's roughly the way to do it, but you need strnlen, not = strlen, and
there are various other details like properly parenthesizing macro
arguments. In addition, there's no way to avoid multiple-evaluations of arguments unless you use the GNU C statement-expressions extension.

It should be noted that almost any use of alloca is either a bug
(potentially exploitable stack overflow) or useless (because the size
is bounded and thus could/should just be replaced by a fixed-size
array). This is the main reason I've been hesitant to go to the
trouble of providing this and dealing with the multiple-evaluation or
#ifdef __GNUC__ issue -- really, any software using alloca (and by
extension, strdupa or strndupa) should be fixed.

Rich

--001a11334474ab9c0f04eeee38ec-- From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/4446 Path: news.gmane.org!not-for-mail From: Rich Felker Newsgroups: gmane.linux.lib.musl.general Subject: Re: musl & strndupa? Date: Wed, 1 Jan 2014 15:18:59 -0500 Message-ID: <20140101201859.GQ24286@brightrain.aerifal.cx> References: <20140101195411.GP24286@brightrain.aerifal.cx> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: ger.gmane.org 1388607548 28425 80.91.229.3 (1 Jan 2014 20:19:08 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 1 Jan 2014 20:19:08 +0000 (UTC) To: musl@lists.openwall.com Original-X-From: musl-return-4450-gllmg-musl=m.gmane.org@lists.openwall.com Wed Jan 01 21:19:15 2014 Return-path: Envelope-to: gllmg-musl@plane.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by plane.gmane.org with smtp (Exim 4.69) (envelope-from ) id 1VySG0-0007pH-QX for gllmg-musl@plane.gmane.org; Wed, 01 Jan 2014 21:19:12 +0100 Original-Received: (qmail 26560 invoked by uid 550); 1 Jan 2014 20:19:12 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Original-Received: (qmail 26552 invoked from network); 1 Jan 2014 20:19:11 -0000 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Xref: news.gmane.org gmane.linux.lib.musl.general:4446 Archived-At: On Wed, Jan 01, 2014 at 08:07:07PM +0000, Raphael Cohn wrote: > Rich, > > Thank you for the extremely informative and quick response! I suspect in > the small, understandable places that use this function in this package it > should be possible to avoid multiple evaluations (well, at least for this > version of the code; no g'tee that would hold). > > Out of interest, I presume there's no guarantee that alloca is aligned? You'd have to consult the compiler for a guarantee, but I think the intent is that it's suitably aligned for any type, but perhaps not for extended things like vector operations. > It's not a feature I've ever used - it seems like a micro-optimisation for > tight loops that should be made as part of a decision by a higher-level > language (eg Vala, which, as I understand, doesn't). The intent of alloca is to allow the programmer to be lazy about obtaining temporary, "arbitrarily large" storage that will automatically cease to exist when the caller returns. It's mostly obsoleted by VLAs (but alloca can do things VLA can't, e.g. when used in loops), but VLAs are also unsafe in the same way that there's no way to check for allocation failures or handle them when they occur. When you really need more than a small reasonable bounded-size buffer, you need to be using malloc/free and dealing with the ugly failure cases and cleanup on return... Rich