This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: I: [PATCH] asprintf error handling fix

From: "Dmitry V. Levin" <ldv at alt-linux dot org>
To: libc-alpha at sources dot redhat dot com
Date: Mon, 10 Dec 2001 16:18:13 +0300
Subject: Re: I: [PATCH] asprintf error handling fix
References: <20011205185828.GA8376@ldv.office.alt-linux.org> <m3itbkzppt.fsf@myware.mynet> <20011207085915.GC17582@ldv.office.alt-linux.org> <u8wuzz42zp.fsf@gromit.moeb> <20011207134542.GA28417@ldv.office.alt-linux.org> <m3her381l8.fsf@myware.mynet>

On Fri, Dec 07, 2001 at 07:57:39AM -0800, Ulrich Drepper wrote:
> > I'm talking about already written software which rely on zeroing
> > result_ptr.
> 
> There is no such software using glibc.  Changing this (which is

Unfortunately, there are software using asprintf in BSD-like way.
When ported to glibc, it gets broken if asprintf calls aren't fixed.

> completely unnecessary) will create an incompatibility.  Newly
> developed code might check only for the NULL pointer value and these
> programs would then fail with older glibc versions.

It's glibc's maintainer's (debatable) point of view.

There is another point of view. Imagine you are gnu/linux distribution
vendor. You have a lot of software so you have no ability to audit it all
in reasonable short time. You start to audit core of system, and see
non-obvious asprintf usage. You check the glibc code, and understand that
both program and glibc require fix, patch them and notify maintainers
(it's real story how this asprintf bug was found). Fine, both glibc and
broken program fixed, but what to do with rest of software in
distribution? Fix it altogether is unrealistic, since amount is large
(remember even glibc code had almost no check for asprintf return status).

Yes, suggested asprintf API change is kind of hardening, but for
distribution vendor it's a real help to partially fix software.

So don't surprise if distribution vendors will apply this patch
(attached).

Regards,
	Dmitry

+-------------------------------------------------------------------------+
Dmitry V. Levin     mailto://ldv@alt-linux.org
ALT Linux Team      http://www.altlinux.ru/
Fandra Project      http://www.fandra.org/
+-------------------------------------------------------------------------+
UNIX is user friendly. It's just very selective about who its friends are.

Attachment: glibc-20011210-asprintf-result_ptr.patch
Description: Text document

Attachment: msg00100/pgp00000.pgp
Description: PGP signature

Follow-Ups:
- Re: I: [PATCH] asprintf error handling fix
  - From: Andreas Jaeger

References:
- I: [PATCH] asprintf error handling fix
  - From: Dmitry V. Levin
- Re: I: [PATCH] asprintf error handling fix
  - From: Ulrich Drepper
- Re: I: [PATCH] asprintf error handling fix
  - From: Dmitry V. Levin
- Re: I: [PATCH] asprintf error handling fix
  - From: Andreas Jaeger
- Re: I: [PATCH] asprintf error handling fix
  - From: Dmitry V. Levin
- Re: I: [PATCH] asprintf error handling fix
  - From: Ulrich Drepper

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]