From: Justin Cormack
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: [PATCH] getcwd: Set errno to EINVAL when size == 0
Date: Mon, 7 Oct 2013 18:15:24 +0100
References: <1381126104-24579-1-git-send-email-mforney@mforney.org> <1381127894.6107.59.camel@eris.loria.fr> <20131007162157.GC20515@brightrain.aerifal.cx>
In-Reply-To: <20131007162157.GC20515@brightrain.aerifal.cx>
Reply-To: musl@lists.openwall.com
To: musl@lists.openwall.com

On Mon, Oct 7, 2013 at 5:21 PM, Rich Felker wrote:
> On Mon, Oct 07, 2013 at 08:38:14AM +0200, Jens Gustedt wrote:
>> Hello,
>>
>> On Sunday, 06.10.2013, at 23:08 -0700, Michael Forney wrote:
>> > According to POSIX,
>> >
>> > The getcwd() function shall fail if:
>> >
>> > [EINVAL]
>> > The size argument is 0.
>> > [ERANGE]
>> > The size argument is greater than 0, but is smaller than the length
>> > of the string +1.
>> > --- >> > src/unistd/getcwd.c | 4 ++++ >> > 1 file changed, 4 insertions(+) >> > >> > diff --git a/src/unistd/getcwd.c b/src/unistd/getcwd.c >> > index 2e540cd..0238fa7 100644 >> > --- a/src/unistd/getcwd.c >> > +++ b/src/unistd/getcwd.c 
>> > @@ -8,6 +8,10 @@ char *getcwd(char *buf, size_t size) >> > { >> > char tmp[PATH_MAX]; >> > if (!buf) buf = tmp, size = PATH_MAX; >> > + else if (size == 0) { >> > + errno = EINVAL; >> > + return 0; >> > + } >> > if (syscall(SYS_getcwd, buf, size) < 0) return 0;
>>
>> Is the new error check really necessary? I would have expected the
>> error path to have triggered before when buf is !0 and size is 0 on
>> entry.
>
> In principle the kernel should be generating the EINVAL if size is 0,
> but maybe it does the wrong thing...?
>
>> > return buf == tmp ? strdup(buf) : buf;
>>
>> This in turn doesn't seem to be consistent with the extension that
>> glibc offers. It says
>>
>> > In this case, the allocated buffer has the length size
>
> You omitted the rest of that sentence: "unless size is zero, when buf
> is allocated as big as necessary."
>
>> So I would think that strdup(buf) should be replaced by something like
>>
>> strcpy(malloc(size), buf)
>
> This is definitely unsafe if size is less than strlen(buf)+1. I'm not
> convinced this aspect of the glibc behavior (using the size argument)
> is beneficial; the only possible case in which it would be beneficial
> is when the caller wants the returned buffer to have space for
> appending a filename, which could be achieved by passing PATH_MAX.
> However, I thought the whole point of having getcwd accept a NULL
> argument was for the GNU HURD "no PATH_MAX limit" model, in which case
> you wouldn't even know the right length to pass in order to have space
> left over to append a filename.
>
> If it is deemed important to support this weird GNU behavior, I think
> it would be beneficial to always allocate MAX(strlen(buf)+1,size)
> rather than just size, to avoid spurious failure.
>
> Opinions from anyone else?

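
Review bot: In the added `else if (size == 0)` branch, the commit message cites the POSIX requirement but never says what errno the unpatched code returns for a non-NULL buf with size 0, which is exactly what the replies go on to ask; state the value observed from the `SYS_getcwd` call in the commit message so the need for a userspace check is documented. Because the branch hangs off `if (!buf)`, a NULL buf with size 0 still takes the `tmp`/`PATH_MAX` path; a one-line comment saying this ordering is deliberate would keep a later edit from hoisting the check above it.
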
I can't see any way in which the user could detect (in the malloc case) that you always allocated PATH_MAX not the provided size, so you may as well just do that if they insist on using this stupid interface in the first place.

Justin
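
The errno rules and allocation sizing discussed in this thread, as an added example that is not musl's code and not part of the original message: `getcwd_checked` is a hypothetical wrapper over the libc `getcwd` that returns EINVAL and ERANGE as quoted from POSIX and sizes the NULL-buffer allocation as MAX(strlen+1, size), so the copy cannot overrun the heap buffer the way `strcpy(malloc(size), buf)` can.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifndef PATH_MAX
#define PATH_MAX 4096   /* assumed fallback if the headers do not define it */
#endif

/* Hypothetical wrapper, not musl's getcwd. */
char *getcwd_checked(char *buf, size_t size)
{
    char tmp[PATH_MAX];
    size_t need, alloc;
    char *out;

    /* POSIX: a caller-supplied buffer with size 0 fails with EINVAL. */
    if (buf && size == 0) {
        errno = EINVAL;
        return NULL;
    }

    /* Resolve into a full-size scratch buffer first. */
    if (!getcwd(tmp, sizeof tmp))
        return NULL;
    need = strlen(tmp) + 1;

    if (buf) {
        /* POSIX: size > 0 but smaller than length + 1 fails with ERANGE. */
        if (size < need) {
            errno = ERANGE;
            return NULL;
        }
        memcpy(buf, tmp, need);
        return buf;
    }

    /* NULL buf: allocate MAX(strlen + 1, size), never less than the
     * string needs, whatever size the caller passed. */
    alloc = size > need ? size : need;
    out = malloc(alloc);
    if (!out)
        return NULL;
    memcpy(out, tmp, need);
    return out;
}
```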