From: Jonny Grant <jg@jguk.org>
To: musl@lists.openwall.com
Subject: Re: C Annex K safe C functions
Date: Mon, 4 Mar 2019 11:24:08 +0700 [thread overview]
Message-ID: <fe0cc4d2-aa67-b2b5-d4e9-62f5683efc66@jguk.org> (raw)
In-Reply-To: <20190227105050.GE21289@port70.net>
Hi!
On 27/02/2019 17:50, Szabolcs Nagy wrote:
> * Jonny Grant <jg@jguk.org> [2019-02-27 10:30:52 +0700]:
>> Not on the list, so please cc me in replies.
>> Any plans to support Annex K?
>> Those safe functions are great, strncpy_s etc
>
> i wonder why you think they are great,
> if they are advertised anywhere as safe or
> useful then that should be fixed.
>
> annex k is so incredibly broken and bad
> that there is a wg14 paper about it
>
> http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1969.htm
>
> normally it's ok to add nonsense interfaces
> for compatibility, but in this case there is
> no widespread use and the api depends on global
> state that causes implementation issues even
> if we wanted to implement it.
Thanks for your reply!
Well I wouldn't disagree with experts. I should re-read that review though.
However, I was not aware that these APIs have global state? (memset_s,
memcpy_s, memmove_s, strcpy_s, strncpy_s, strcat_s, strncat_s, strtok_s,
memset_s, strerror_s, strerrorlen_s, strnlen_s) - do they?
strncpy_s is great, it avoids the bug in strncpy that could cause the
buffer to not be terminated. It's better than the strlcpy BSD uses which
truncates buffers.
BSD/OS X supports memset_s etc, but does not support
set_constraint_handler_s
https://opensource.apple.com/source/Libc/Libc-1244.1.7/string/NetBSD/memset_s.c.auto.html
FreeBSD seems to support memset_s
https://www.freebsd.org/cgi/man.cgi?query=memset&sektion=3&apropos=0&manpath=freebsd
Oracle Solaris supports Annex K
https://docs.oracle.com/cd/E88353_01/html/E37843/strncpy-s-3c.html#scrolltoc
If issues, I'd support amending Annex K, rather than removing. It's good
they check for NULL/nullptr, they return errno_t directly instead of the
errno global kludge. Sticking with old APIs forever is difficult, but no
one uses creat() anymore either.
Could I ask, does your libc follow POSIX spec to the letter? eg not
checking pointers for NULL (where spec omits to mention checking
pointers valid) ? eg this call which crashes glibc?
puts(NULL);
It looks like it will still SIGSEGV...
https://git.musl-libc.org/cgit/musl/tree/src/stdio/puts.c
Thanks
Jonny
next prev parent reply other threads:[~2019-03-04 4:24 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-27 3:30 Jonny Grant
2019-02-27 10:50 ` Szabolcs Nagy
2019-03-04 4:24 ` Jonny Grant [this message]
2019-03-04 6:40 ` A. Wilcox
2019-03-04 15:14 ` Rich Felker
2019-02-27 13:11 ` Rich Felker
2019-02-27 16:34 ` Rich Felker
2019-03-04 8:09 ` Florian Weimer
2019-03-05 13:19 ` Szabolcs Nagy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fe0cc4d2-aa67-b2b5-d4e9-62f5683efc66@jguk.org \
--to=jg@jguk.org \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).