This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.

Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.



Re: New read etc. checking macros


On Fri, Feb 25, 2005 at 03:29:58PM -0800, Roland McGrath wrote:
> I can imagine reading POSIX to say that this is not in fact invoked
> undefined behavior when there is some external guarantee such as the
> program knowing that the file being read contains no more than 10 bytes.
> The standard C functions' specifications talk more explicitly about an
> array (for e.g. fgets and fread), so the strict reading might not be as
> permissive for those as for the POSIX functions like read.  Regardless,
> this is desirable checking for the way people usually write their programs.
> Perhaps it should be done only at _FORTIFY_SOURCE >= 2.

Yeah, I think we can only protect read etc. with _FORTIFY_SOURCE >= 2,
which has some limitations against POSIX, and not allowing a bigger len
than the buffer that is provided is a reasonable limitation.

	Jakub
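
The case debated in this thread, as an added example that is not part of the original message and not glibc's code: a 10-byte buffer, a source known to hold fewer than 10 bytes, and a request for more than the buffer can hold. The names `read_checked`, `READ_CHECKED` and `demo` are hypothetical, and the 5-byte pipe contents are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper, not glibc's implementation: reject a read whose
   length exceeds the known size of the destination object.  An objsize of
   (size_t)-1 means the size is unknown, so nothing can be checked. */
static ssize_t read_checked(int fd, void *buf, size_t objsize, size_t len)
{
    if (objsize != (size_t)-1 && len > objsize) {
        errno = EOVERFLOW;  /* reported as an error here so the result can be inspected */
        return -1;
    }
    return read(fd, buf, len);
}

/* With GCC or Clang the object size can be supplied by the compiler. */
#define READ_CHECKED(fd, buf, len) \
    read_checked((fd), (buf), __builtin_object_size((buf), 0), (len))

/* Constructed scenario: the source holds exactly 5 bytes, the buffer holds
   10, and the caller asks for `len` bytes.  Returns the result of the
   checked read, or -2 if the pipe could not be set up. */
static ssize_t demo(size_t len)
{
    int p[2];
    char buf[10];
    ssize_t n;

    if (pipe(p) != 0)
        return -2;
    if (write(p[1], "hello", 5) != 5) { close(p[0]); close(p[1]); return -2; }
    close(p[1]);
    n = read_checked(p[0], buf, sizeof buf, len);
    close(p[0]);
    return n;
}

int main(void)
{
    printf("len=10  -> %zd\n", demo(10));   /* within the buffer: 5 bytes read */
    printf("len=100 -> %zd\n", demo(100));  /* larger than the buffer: rejected */
    return 0;
}
```

The second call would not have overflowed the buffer, since only 5 bytes are available, yet the check rejects it because it compares the requested length with the buffer size rather than with what the source can deliver.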

