Po Lu wrote:
> I believe that the semantics of the POSIX specification of this GNU
> function omit the implied guarantee that strnlen will never examine
> bytes beyond the first null byte
There is no such guarantee, not even implied.
> , made in (libc)String Length:
>
> If the array S of size MAXLEN contains a null byte, the ‘strnlen’
^^^^^^^^^^^^^^^^^^^^^^^^^^
> function returns the length of the string S in bytes. Otherwise it
> returns MAXLEN.
When the text says "the array S of size MAXLEN", it means that the bytes
S[0], S[1], ..., S[MAXLEN-1] must be accessible. Which is not the case if
you pass MAXLEN as > ~(uintptr_t)S.
The implementation could, for example, examine
S[0], S[MAXLEN-1], S[1], S[MAXLEN-2], ...
in this order and thus achieve the "more efficient" statement.
> Does this not imply that Android's strnlen implementation is incorrect?
Android's strnlen [1] is not incorrect, because the same requirements
that hold for memchr also hold for strnlen.
Bruno

[1] https://android.googlesource.com/platform/bionic.git/+/refs/heads/main/libc/bionic/strnlen.cpp
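
Added example, not part of the message above and not gnulib or bionic code: a hypothetical `two_ended_strnlen` that reads bytes in the order S[0], S[MAXLEN-1], S[1], S[MAXLEN-2], ... and still returns the correct length, which shows why the caller must make all MAXLEN bytes accessible. The names `peek`, `max_index_read`, `bounded_len` and the sample buffers are constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Highest index read by the last call (instrumentation for this demo only). */
static size_t max_index_read;

static char peek(const char *s, size_t i)
{
    if (i > max_index_read)
        max_index_read = i;
    return s[i];
}

/* Hypothetical strnlen that reads s[0], s[maxlen-1], s[1], s[maxlen-2], ...
   Correct whenever s[0..maxlen-1] is accessible, which is all the
   specification asks of the caller. */
size_t two_ended_strnlen(const char *s, size_t maxlen)
{
    size_t lo = 0, hi = maxlen;  /* bytes not yet examined: s[lo..hi-1] */
    size_t result = maxlen;      /* lowest NUL index seen from the back */

    max_index_read = 0;
    while (lo < hi) {
        if (peek(s, lo) == '\0')
            return lo;           /* every byte below lo was non-NUL */
        lo++;
        if (lo < hi && peek(s, --hi) == '\0')
            result = hi;         /* an earlier NUL may still exist */
    }
    return result;
}

/* Caller-side rule: never pass a maxlen larger than the accessible size. */
size_t bounded_len(const char *buf, size_t bufsize, size_t limit)
{
    return two_ended_strnlen(buf, limit < bufsize ? limit : bufsize);
}

/* Constructed samples: a NUL at index 3 of 8 bytes, and 4 bytes without NUL. */
static const char sample[8] = {'a', 'b', 'c', '\0', 'x', 'y', 'z', '\0'};
static const char no_nul[4] = {'a', 'b', 'c', 'd'};

int main(void)
{
    size_t n = two_ended_strnlen(sample, sizeof sample);
    printf("length %zu, highest index read %zu\n", n, max_index_read);
    n = bounded_len(no_nul, sizeof no_nul, (size_t)-1);
    printf("length %zu, highest index read %zu\n", n, max_index_read);
    return 0;
}
```

For `sample` the result is 3, yet index 7 is read on the first iteration, so a MAXLEN larger than the real buffer would have been an out-of-bounds read even though a null byte appears early.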