Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 4 Mar 2019 11:24:08 +0700
From: Jonny Grant <>
Subject: Re: C Annex K safe C functions


On 27/02/2019 17:50, Szabolcs Nagy wrote:
> * Jonny Grant <> [2019-02-27 10:30:52 +0700]:
>> Not on the list, so please cc me in replies.
>> Any plans to support Annex K?
>> Those safe functions are great, strncpy_s etc
> i wonder why you think they are great,
> if they are advertised anywhere as safe or
> useful then that should be fixed.
> annex k is so incredibly broken and bad
> that there is a wg14 paper about it
> normally it's ok to add nonsense interfaces
> for compatibility, but in this case there is
> no widespread use and the api depends on global
> state that causes implementation issues even
> if we wanted to implement it.

Thanks for your reply!

Well I wouldn't disagree with experts. I should re-read that review though.

However, I was not aware that these APIs have global state? (memset_s, 
memcpy_s, memmove_s, strcpy_s, strncpy_s, strcat_s, strncat_s, strtok_s, 
memset_s, strerror_s, strerrorlen_s, strnlen_s) - do they?

strncpy_s is great, it avoids the bug in strncpy that could cause the 
buffer to not be terminated. It's better than the strlcpy BSD uses which 
truncates buffers.

BSD/OS X supports memset_s etc, but does not support 

FreeBSD seems to support memset_s

Oracle Solaris supports Annex K

If issues, I'd support amending Annex K, rather than removing. It's good 
they check for NULL/nullptr, they return errno_t directly instead of the 
errno global kludge. Sticking with old APIs forever is difficult, but no 
one uses creat() anymore either.

Could I ask, does your libc follow POSIX spec to the letter? eg not 
checking pointers for NULL (where spec omits to mention checking 
pointers valid) ? eg this call which crashes glibc?


It looks like it will still SIGSEGV...


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.