Re: strlen

On 10/07/2021 19:37, Alejandro Colomar (man-pages) wrote:
> Hi Jonny,
> 
> On 7/9/21 10:44 PM, Jonny Grant wrote:
>>
>>
>> On 07/07/2021 17:57, Alejandro Colomar (man-pages) wrote:
>>> On 7/7/21 3:31 PM, Jonny Grant wrote:
>> [snip]
>>>>
>>>>
>>>>
>>>> Maybe the man page could just state:
>>>>
>>>>
>>>> NOTES
>>>>
>>>> Calling strlen with a NULL pointer is undefined behavior.
>>>
>>> Okay.  I agree that should probably be documented.
>>> I'm surprised it's not documented already.  Not even in the glibc manual (or I couldn't find it).
>>>
>>> There are a lot of functions that should get this addition, though.  I'd like to patch them all at once.  I'll try to find a list of functions documented in the man pages and that have nonnull in the implementation.  If I don't come back soon with a list, please ping me.
>>>
>>> Thanks,
>>>
>>> Alex
>>>
>>
>> Perhaps the NOTES section on strlen(3) could also give a hint that strnlen would be better to use than strlen if the max buffer size is known.  Likewise, wcslen(3) could suggest wcsnlen(3) where the buffer size is known.
> 
> Agreed.
> 
> I applied the following patch.
> 
> Kind regards,
> 
> Alex
> 
> ---
> From a9ab4fdd530486450b84137dce1d869f6cbfcbe0 Mon Sep 17 00:00:00 2001
> From: Alejandro Colomar <alx.manpages@xxxxxxxxx>
> Date: Sat, 10 Jul 2021 20:34:59 +0200
> Subject: strlen.3, wcslen.3: Add recommendations for safer variants
> 
> Reported-by: Jonny Grant <jg@xxxxxxxx>
> Signed-off-by: Alejandro Colomar <alx.manpages@xxxxxxxxx>
> ---
>  man3/strlen.3 | 6 ++++++
>  man3/wcslen.3 | 9 ++++++++-
>  2 files changed, 14 insertions(+), 1 deletion(-)
> 
> diff --git a/man3/strlen.3 b/man3/strlen.3
> index dea4c1050..fb734db1b 100644
> --- a/man3/strlen.3
> +++ b/man3/strlen.3
> @@ -66,6 +66,12 @@ T}	Thread safety	MT-Safe
>  .sp 1
>  .SH CONFORMING TO
>  POSIX.1-2001, POSIX.1-2008, C89, C99, C11, SVr4, 4.3BSD.
> +.SH NOTES
> +.SS strnlen(3)
> +If there is a known buffer size,
> +it is probably better to use
> +.BR strnlen (3),
> +which can prevent some cases of buffer overrun/overflow.
>  .SH SEE ALSO
>  .BR string (3),
>  .BR strnlen (3),
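Review bot: In the added NOTES paragraph of strlen.3, "prevent some cases of buffer overrun/overflow" suggests a write, but strlen(3) only reads; wording such as "prevent reading beyond the end of the buffer" would be more precise. The paragraph could also state that strnlen(3) returns its maxlen argument when no terminating null byte is found within the limit, so that callers know to treat that result as an unterminated buffer.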
> diff --git a/man3/wcslen.3 b/man3/wcslen.3
> index af3fcb9ca..868f748a8 100644
> --- a/man3/wcslen.3
> +++ b/man3/wcslen.3
> @@ -58,5 +58,12 @@ T}	Thread safety	MT-Safe
>  .sp 1
>  .SH CONFORMING TO
>  POSIX.1-2001, POSIX.1-2008, C99.
> +.SH NOTES
> +.SS wcsnlen(3)
> +If there is a known buffer size,
> +it is probably better to use
> +.BR wcsnlen (3),
> +which can prevent some cases of buffer overrun/overflow.
>  .SH SEE ALSO
> -.BR strlen (3)
> +.BR strlen (3),
> +.BR wcsnlen (3)
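Review bot: "If there is a known buffer size" in the wcslen.3 NOTES text does not say which unit the size is in. wcsnlen(3) takes its limit as a count of wide characters, so a caller who passes the size in bytes would still let it read past the end of the array; suggest "a known buffer size (in wide characters)" or similar wording.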
> 

Hi Alex

Thank you for making the updates!

As "buffer overrun" refers to writing to a buffer, my 2 cents would be to express as:

"which will prevent reading beyond the end of the character buffer"

Any thoughts about adding the following?

NOTES
    Calling strlen with a NULL pointer is undefined behavior.

With kind regards
Jonny
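
The bounded-length check that the NOTES text recommends, as an added example that is not part of the original thread or of the man-pages project. `field_len`, `wfield_len` and the status codes are hypothetical names, and the sample buffers are constructed.

```c
#define _POSIX_C_SOURCE 200809L /* strnlen(3), wcsnlen(3): POSIX.1-2008 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <wchar.h>

/* Hypothetical status codes for this example. */
enum field_status { FIELD_OK = 0, FIELD_NULL = -1, FIELD_UNTERMINATED = -2 };

/* Length of the string in a buffer of `size` bytes. Reads at most `size`
 * bytes and rejects NULL rather than handing it to a length function. */
enum field_status field_len(const char *buf, size_t size, size_t *len)
{
    if (buf == NULL || len == NULL)
        return FIELD_NULL;
    size_t n = strnlen(buf, size);
    if (n == size)          /* no '\0' within the buffer: not a string */
        return FIELD_UNTERMINATED;
    *len = n;
    return FIELD_OK;
}

/* Wide variant: `count` is a number of wchar_t elements, not bytes. */
enum field_status wfield_len(const wchar_t *buf, size_t count, size_t *len)
{
    if (buf == NULL || len == NULL)
        return FIELD_NULL;
    size_t n = wcsnlen(buf, count);
    if (n == count)
        return FIELD_UNTERMINATED;
    *len = n;
    return FIELD_OK;
}

int main(void)
{
    /* Constructed data: `full` has no '\0', so strlen(full) would overread. */
    char full[8] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H' };
    char name[8] = "root";
    wchar_t wname[8] = L"root";
    size_t len = 0;
    int st = field_len(full, sizeof full, &len);
    printf("full:  status=%d\n", st);
    st = field_len(name, sizeof name, &len);
    printf("name:  status=%d len=%zu\n", st, len);
    st = wfield_len(wname, sizeof wname / sizeof wname[0], &len);
    printf("wname: status=%d len=%zu\n", st, len);
    return 0;
}
```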