Date: Thu, 27 Jun 2013 14:31:48 +1000 From: Matthew Fernandez <matthew.fernandez@...ta.com.au> To: <musl@...ts.openwall.com> CC: Rich Felker <dalias@...ifal.cx> Subject: Re: Use of size_t and ssize_t in mseek On 27/06/13 14:23, Rich Felker wrote: > On Thu, Jun 27, 2013 at 02:16:15PM +1000, Matthew Fernandez wrote: >> Perfectly reasonable to make it UB (and I had assumed it was so >> already). > > Well the UB is just passing a wrong size. But the only way you can > guarantee that such a huge size is "wrong" is by cutting off all ways > of making such a large object. In some sense this is true, but this would not have affected my scenario. I do not know the size of the object to which I have a pointer to and the object was not derived from Musl C functionality. As a bit of context, this is an embedded environment where we don't have much address space introspection. I suppose you could argue that I should have re-implemented fmemopen in a way that didn't assume a bounded buffer. >> It just seemed to me that it would be more user-friendly to >> bounds check the size parameter in fmemopen. Is there a reason not to do >> this? > > Mainly just consistency. There are a lot of places where sizes greater > than PTRDIFF_MAX would be problematic due to overflowing differences > and other issues, it's difficult (and ugly) to try to catch them all, > and even if you do catch them, in some cases, there's no obvious > "correct" course of action to take. fmemopen could check and return > some reasonable error, but I still want to find and fix any remaining > places where objects larger than PTRDIFF_MAX could come into existence > since they affect other code too, and once those are fixed, the check > in fmemopen would be obsolete. Yes, I agree with this reasoning. It seems fmemopen should really take a ssize_t, but this would require deviating from the standard which is undesirable. > As far as I can tell, mmap and maybe shmat are the only functions that > might be able to make such large objects. Do you know any others? Not that I'm aware of. I haven't explored Musl C much and would consider myself more of a user than developer with respect to its code. ________________________________ The information in this e-mail may be confidential and subject to legal professional privilege and/or copyright. National ICT Australia Limited accepts no liability for any damage caused by this email or its attachments.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.