On Wed, Jul 10, 2024 at 01:55:51AM GMT, Paul Eggert wrote:
> On 7/9/24 22:03, Eric Blake wrote:
> > https://www.austingroupbugs.net/view.php?id=1834#c6830
> >
> > The current draft of proposed wording would have the C standard state:
> >
> > 2 The strnlen function counts not more than n characters (a null
> > character and characters that follow it are not counted) in the array
> > to which s points. At most the first n characters of s shall be
> > accessed by strnlen.
> >
> > at which point, strnlen("", SIZE_MAX) _is_ allowed to _access_ beyond
> > the NUL byte,
>
> No it wouldn't, because strnlen must stop counting at the first null byte.
>
> If this point isn't made clear in the current proposal, it should be made
> clear. Lots of user code relies on strnlen doing the right thing even if the
> string is shorter than n. In practice implementations that screw up in this
> area, and are incompatible with glibc etc., are deemed broken and are fixed.
> The standard should not allow further breakage.
I've raised that point to the Austin Group, and Chris Bazeley (the one
working on changing the C standard) should see it soon enough.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.
Virtualization: qemu.org | libguestfs.org
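The two access constraints under discussion (never touch a byte past the first NUL, never touch s[n] or beyond) can be checked mechanically rather than argued. The following is an added example written for this page; it is not code from the thread, from glibc, or from any other libc. It places the string so that its last readable byte abuts a PROT_NONE guard page and runs a strnlen under test against it: a byte-for-byte reference implementation (ref_strnlen) passes both cases, while a hypothetical word-at-a-time reader (sloppy_strnlen, invented here to show the failure mode) returns the right count for ordinary inputs yet reads past the NUL and dies of SIGSEGV when strnlen("", SIZE_MAX) has nothing readable after the NUL. The harness assumes a POSIX system with mmap, mprotect and fork (Linux is what it was written against); the function names and the padded_hi buffer are constructed for the example.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/wait.h>

typedef size_t (*strnlen_fn)(const char *, size_t);

/* Reference strnlen: stops at the first NUL or after n bytes, whichever comes
 * first, so it never touches s[i] for i >= n or for i past the first NUL. */
size_t ref_strnlen(const char *s, size_t n)
{
    size_t i = 0;
    while (i < n && s[i] != '\0')
        i++;
    return i;
}

/* Hypothetical word-at-a-time variant (not from any libc): returns the right
 * count, but reads 8 bytes per step without aligning first, so it can touch
 * up to 7 bytes past the NUL or past n. This is exactly the over-read the
 * proposed wording would permit for strnlen("", SIZE_MAX). */
#define HASZERO(w) ((((w) - 0x0101010101010101ULL) & ~(w)) & 0x8080808080808080ULL)
size_t sloppy_strnlen(const char *s, size_t n)
{
    for (size_t i = 0;; i += 8) {
        uint64_t w;
        memcpy(&w, s + i, sizeof w);           /* over-reads: up to 7 bytes too many */
        if (HASZERO(w))
            for (size_t k = 0; k < 8; k++)
                if (s[i + k] == '\0')
                    return i + k < n ? i + k : n;
        if (i + 8 >= n)
            return n;
    }
}

/* Constructed input with slack after the NUL, so the sloppy reader stays in bounds. */
const char padded_hi[16] = "hi";

/* Copy len bytes of src so that the last byte sits immediately before a
 * PROT_NONE guard page; any access one byte further faults. */
static char *place_before_guard(const char *src, size_t len, void **map, size_t *maplen)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t data = ((len + page - 1) / page) * page;   /* readable bytes, page-rounded */
    if (data == 0)
        data = page;
    *maplen = data + page;                             /* data pages + one guard page */
    *map = mmap(NULL, *maplen, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (*map == MAP_FAILED)
        return NULL;
    if (mprotect((char *)*map + data, page, PROT_NONE) != 0) {
        munmap(*map, *maplen);
        return NULL;
    }
    char *dst = (char *)*map + data - len;
    memcpy(dst, src, len);
    return dst;
}

/* Run fn on a guarded copy of src[0..len). Returns fn's result, or (size_t)-1
 * if the mapping could not be set up. */
size_t strnlen_on_guarded(strnlen_fn fn, const char *src, size_t len, size_t n)
{
    void *map;
    size_t maplen;
    char *s = place_before_guard(src, len, &map, &maplen);
    if (!s)
        return (size_t)-1;
    size_t r = fn(s, n);
    munmap(map, maplen);
    return r;
}

/* 1 if fn dies of a signal (SIGSEGV/SIGBUS) on the guarded input, 0 if it
 * returns normally, -1 if fork/waitpid failed. Runs fn in a child so the
 * fault does not take down the caller. */
int faults_on_guarded(strnlen_fn fn, const char *src, size_t len, size_t n)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(strnlen_on_guarded(fn, src, len, n) == (size_t)-1 ? 2 : 0);
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? 1 : 0;
}

int main(void)
{
    printf("ref_strnlen(\"\", SIZE_MAX), NUL before guard page: %zu\n",
           strnlen_on_guarded(ref_strnlen, "", 1, SIZE_MAX));
    printf("ref_strnlen(\"hello\", 5), s[5] in guard page: %zu\n",
           strnlen_on_guarded(ref_strnlen, "hello", 5, 5));
    printf("libc strnlen(\"\", SIZE_MAX) faults past the NUL: %d\n",
           faults_on_guarded(strnlen, "", 1, SIZE_MAX));
    printf("sloppy_strnlen(\"\", SIZE_MAX) faults past the NUL: %d\n",
           faults_on_guarded(sloppy_strnlen, "", 1, SIZE_MAX));
    return 0;
}
```

The second guarded call covers the other half of the wording ("at most the first n characters shall be accessed"): "hello" is copied without its terminator so that s[5] is the first byte of the guard page, and an implementation that peeks at s[n] faults. Passing the platform's own strnlen through faults_on_guarded is the quick way to tell whether a given libc already behaves the way Paul describes as the de facto requirement.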