Re: [RFC][PATCH v2] Initial support for C11 Annex K Bounds checking functions

["Joseph S. Myers" <joseph at codesourcery dot com>]

On Thu, 6 Jun 2013, Rich Felker wrote:

> > I tend to agree. It's a pity we loose GCC's warnings about null pointer 
> > arguments though. I don't like the fact that a program becomes more unsecure 
> > by the fact that is uses the Annex K functions.
> 
> I hardly find it a pity; rather, it's good reason for people NOT to
> use these ill-conceived functions and to instead simply compile proper
> portable C (portable in the sense of not depending on an optional
> annex) with _FORTIFY_SOURCE.

I think use of dynamic allocation functions such as those in TR 24731-2 
(which didn't get merged into C11, unlike 24731-1 which became Annex K) is 
perfectly reasonable.  (Some of those functions were derived from glibc 
via POSIX.  As noted on the wiki todo list, the wide-character versions 
aswprintf, vaswprintf, getwdelim, getwline aren't currently implemented in 
glibc, but would be a good addition and shouldn't be that hard to add.  
See <http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1388.pdf> for the 
final draft version I think is essentially the same as was published.)

> I'm unsure, but there's at lease one place that both the optimization
> and the warning would be unwanted: valid test code to check that the
> runtime-constraint violation handlers get called. I suppose it's also

There are various places glibc testcases get compiler warnings through 
testing deprecated interfaces or _FORTIFY_SOURCE functionality; I don't 
think that can be avoided (though we should try to stay clean of warnings 
except where actually unavoidable).

-- 
Joseph S. Myers
joseph@codesourcery.com