On 7/9/24 22:03, Eric Blake wrote:
> https://www.austingroupbugs.net/view.php?id=1834#c6830
> The current draft of proposed wording would have the C standard state:
>
>     2 The strnlen function counts not more than n characters (a null
>     character and characters that follow it are not counted) in the array
>     to which s points. At most the first n characters of s shall be
>     accessed by strnlen.
>
> at which point, strnlen("", SIZE_MAX) _is_ allowed to _access_ beyond
> the NUL byte,
No, it wouldn't, because strnlen must stop counting at the first null byte.
If this point isn't made clear in the current proposal, it should be
made clear. Lots of user code relies on strnlen doing the right thing
even if the string is shorter than n. In practice implementations that
screw up in this area, and are incompatible with glibc etc., are deemed
broken and are fixed. The standard should not allow further breakage.
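The two constraints argued for in the reply above (stop at the first NUL, and never touch more than n bytes) can be made checkable rather than taken on faith. The following is an added illustration, not code from glibc, gnulib or the Austin Group proposal: an instrumented strnlen that records how many bytes it actually inspected, beside a deliberately non-conforming variant that scans to the NUL before clamping. The function names (strnlen_conforming, strnlen_overreading, bytes_read_*) and the inputs are made up for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Conforming strnlen, instrumented (example code, not glibc's).
 * Returns the number of bytes before the first NUL, capped at maxlen.
 * It never inspects s[i] for i >= maxlen and never inspects any byte
 * after the first NUL, so strnlen("", SIZE_MAX) reads exactly one byte.
 * If accessed is non-NULL it receives the number of bytes actually read,
 * so the access bound can be checked instead of assumed. */
size_t strnlen_conforming(const char *s, size_t maxlen, size_t *accessed)
{
    size_t i = 0;
    while (i < maxlen && s[i] != '\0')
        i++;
    if (accessed)
        *accessed = (i < maxlen) ? i + 1 : i; /* +1: the NUL itself was read */
    return i;
}

/* Deliberately non-conforming variant for contrast: it scans to the NUL
 * first and clamps afterwards, so it reads past maxlen whenever the string
 * is longer than maxlen.  Safe only on NUL-terminated input; it exists to
 * show the access pattern that "at most the first n characters of s shall
 * be accessed" is meant to forbid. */
size_t strnlen_overreading(const char *s, size_t maxlen, size_t *accessed)
{
    size_t len = 0;
    while (s[len] != '\0')
        len++;
    if (accessed)
        *accessed = len + 1;
    return len < maxlen ? len : maxlen;
}

/* Convenience wrappers returning only the number of bytes read. */
size_t bytes_read_conforming(const char *s, size_t maxlen)
{
    size_t acc = 0;
    (void)strnlen_conforming(s, maxlen, &acc);
    return acc;
}

size_t bytes_read_overreading(const char *s, size_t maxlen)
{
    size_t acc = 0;
    (void)strnlen_overreading(s, maxlen, &acc);
    return acc;
}

static void report(const char *label, const char *s, size_t maxlen)
{
    size_t acc_ok, acc_bad;
    size_t len_ok = strnlen_conforming(s, maxlen, &acc_ok);
    size_t len_bad = strnlen_overreading(s, maxlen, &acc_bad);
    printf("%-24s conforming: len=%zu read=%zu | overreading: len=%zu read=%zu\n",
           label, len_ok, acc_ok, len_bad, acc_bad);
}

int main(void)
{
    /* Constructed inputs for the demo.  String literals are NUL-terminated,
     * so even the overreading variant stays inside its object here; on a
     * raw, unterminated buffer only the conforming version would be safe. */
    report("\"\", SIZE_MAX", "", SIZE_MAX);
    report("\"hello, world\", 5", "hello, world", 5);
    report("\"hello, world\", 100", "hello, world", 100);
    report("\"abcd\", 4", "abcd", 4);
    report("\"x\", 0", "x", 0);
    return 0;
}
```

The first case is the one from the quoted message: a one-byte object holding "" with n = SIZE_MAX, where the conforming version reads exactly one byte. The "abcd" with n = 4 case is the other edge the reply relies on, a buffer with no terminator inside the first n bytes, where the conforming version stops at n without ever looking for a NUL; the overreading variant is the shape of implementation that user code calling strnlen on untrusted, possibly unterminated buffers cannot tolerate.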