Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 24 Feb 2016 12:41:26 -0500
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Cc: Karl Palsson <karlp@...ctica.com>
Subject: Re: [PATCH] search: call user compare with "correct" order
 params

On Wed, Feb 24, 2016 at 12:12:29PM +0000, Karl Palsson wrote:
> From: Karl Palsson <karlp@...ake.is>
> 
> IEEE Std 1003.1, 2013 Edition only defines the two params to the
> user callback as, "The compar argument points to a comparison function
> which the application shall supply (for example, strcmp()). It is called
> with two arguments that point to the elements being compared."
> 
> Both uclibc and glibc provide the arguments as, "
> The comparison function referenced by compar is expected to have two
> arguments which point to the key object and to an array member, in that order
> "
> 
> Musl currently provides the arguments as array member, then key object.
> While this is strictly compliant with the standard, it's equally
> compliant to have the parameters in the other order.  If you are using
> lfind to search a list of complex structures where the key is not the
> same type as each entry, having these parameters arrive in unexpectd
> order can/will result in segfaults.
> 
> => Swap the order of the arguments to the user function, maintaining
> equal compatibility with the standard, and gaining compatibility with
> uclibc and glibc.

I've read some of the scrollback from the discussion of this on IRC,
and I think:

1. Regardless of whether the patch is accepted or not, applications
   using this interface in non-portable ways should be fixed.

2. As you said, lfind/lsearch are useless functions. Aside from the
   order of the arguments being unspecified (which doesn't hurt code
   using them in the intended way), they're just going to be a lot
   slower than inlining the comparison in your own for loop.

Is there existing software that's affected by this issue for which
it's hard to get a fix upstream?

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.