Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 27 Apr 2016 10:56:25 +0300 (MSK)
From: Alexander Monakov <amonakov@...ras.ru>
To: musl@...ts.openwall.com
Subject: Re: Removing stupid, spurious UB in stdio (bikeshed time)

On Tue, 26 Apr 2016, Rich Felker wrote:
> There's a lot of nonsense-UB in stdio due to buffer comparisons along
> the lines of "f->rpos < f->rend". The intent of these comparisons is
> to simultaneously check that the buffer is initialized for the proper
> mode (read or write) and that there's data left in it (for reading) or
> space left (to write) or buffered data to be written out (for write),
> etc.
> 
> Unfortunately, when the buffer is uninitialized for the mode being
> checked, the comparison becomes NULL<NULL, and while this should
> obviously be false (since < implies !=), NULL<NULL is actually UB.
> [snip]
> So what to do?

Well, since NULL-NULL and NULL<NULL are well-defined in C++, ... ;)

Sorry that I don't offer a more substantial comment; let me just chime in
on the point that a writeup documenting stdio design, like you say,

> I think a good place to start might be coming up with and documenting a
> clear model for how stdio's buffer internals are supposed to work, what
> operations are allowed, what invariants hold, etc. based on the above
> analysis of current UB issues and what the code is doing.

would be nice to have; you recently noted that setvbuf has restrictions,
and if there are other non-obvious stuff (especially if musl-specific),
having it written down should be useful.

Thanks.
Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.