On 6/27/24 02:37, Po Lu wrote:
Btw, doesn't this also mean that lib/strnlen.c (in Emacs, at least) is incorrect?
Thanks for pointing that out. I installed the attached into Gnulib and propagated it into Emacs master. Although I don't know of any practical, supported platform where this matters, it's better to be safer.
From 65fd60c02ccb5530249affc0caefc75aa88d61fc Mon Sep 17 00:00:00 2001 From: Paul Eggert <egg...@cs.ucla.edu> Date: Sun, 30 Jun 2024 11:27:48 +0100 Subject: [PATCH] strnlen: avoid undefined memcmp behavior MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Problem reported by Po Lu in: https://lists.gnu.org/r/bug-gnulib/2024-06/msg00288.html * config/srclist.txt: Don’t mention strnlen.c even in a comment, as the Gnulib and glibc implementations have diverged for portability reasons, and they’re never likely to merge. * lib/strnlen.c (strnlen): Avoid undefined behavior if the array S points to has fewer than MAXLEN bytes. --- ChangeLog | 11 +++++++++++ config/srclist.txt | 1 - lib/strnlen.c | 16 ++++++++++------ 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index b10396d1fe..d2d81c25a1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,14 @@ +2024-06-30 Paul Eggert <egg...@cs.ucla.edu> + + strnlen: avoid undefined memcmp behavior + Problem reported by Po Lu in: + https://lists.gnu.org/r/bug-gnulib/2024-06/msg00288.html + * config/srclist.txt: Don’t mention strnlen.c even in a comment, + as the Gnulib and glibc implementations have diverged for + portability reasons, and they’re never likely to merge. + * lib/strnlen.c (strnlen): Avoid undefined behavior if + the array S points to has fewer than MAXLEN bytes. + 2024-06-30 Bruno Haible <br...@clisp.org> tests: Avoid warning "is_running_under_virtualbox defined but not used". diff --git a/config/srclist.txt b/config/srclist.txt index 8930847018..ce47f3f210 100644 --- a/config/srclist.txt +++ b/config/srclist.txt @@ -205,7 +205,6 @@ $LIBCSRC time/mktime-internal.h lib #$LIBCSRC string/strcasecmp.c lib gpl #$LIBCSRC string/strchrnul.c lib gpl #$LIBCSRC string/strerror.c lib gpl -#$LIBCSRC string/strnlen.c lib gpl #$LIBCSRC sysdeps/posix/gettimeofday.c lib gpl #$LIBCSRC sysdeps/posix/rename.c lib gpl #$LIBCSRC sysdeps/unix/mkdir.c lib gpl diff --git a/lib/strnlen.c b/lib/strnlen.c index 80857ec22b..5231e4c595 100644 --- a/lib/strnlen.c +++ b/lib/strnlen.c @@ -1,6 +1,5 @@ /* Find the length of STRING, but scan at most MAXLEN characters. Copyright (C) 2005-2007, 2009-2024 Free Software Foundation, Inc. - Written by Simon Josefsson. This file is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as @@ -19,12 +18,17 @@ #include <string.h> -/* Find the length of STRING, but scan at most MAXLEN characters. - If no '\0' terminator is found in that many characters, return MAXLEN. */ +/* Find the length of S, but scan at most MAXLEN bytes. + S must be a string if it starts with fewer than MAXLEN initialized bytes. + If no '\0' terminator is found in that many bytes, return MAXLEN. */ size_t -strnlen (const char *string, size_t maxlen) +strnlen (const char *s, size_t maxlen) { - const char *end = memchr (string, '\0', maxlen); - return end ? (size_t) (end - string) : maxlen; + /* Do not use memchr, because on some platforms memchr has + undefined behavior if MAXLEN exceeds the number of bytes in S. */ + size_t i; + for (i = 0; i < maxlen && s[i]; i++) + continue; + return i; } -- 2.34.1
