Re: strlen

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 7/10/21 10:49 PM, Jonny Grant wrote:

On 10/07/2021 19:37, Alejandro Colomar (man-pages) wrote:

diff --git a/man3/wcslen.3 b/man3/wcslen.3
index af3fcb9ca..868f748a8 100644
--- a/man3/wcslen.3
+++ b/man3/wcslen.3
@@ -58,5 +58,12 @@ T}	Thread safety	MT-Safe
  .sp 1
  .SH CONFORMING TO
  POSIX.1-2001, POSIX.1-2008, C99.
+.SH NOTES
+.SS wcsnlen(3)
+If there is a known buffer size,
+it is probably better to use
+.BR wcsnlen (3),
+which can prevent some cases of buffer overrun/overflow.
  .SH SEE ALSO
-.BR strlen (3)
+.BR strlen (3),
+.BR wcsnlen (3)



Hi Alex

Thank you for making the updates!

As "buffer overrun" refers to writing to a buffer, my 2 cents would be to express as:

"which will prevent reading beyond the end of the character buffer"


I wrote both overrun and overflow on purpose.
I was thinking of something like:

const char *src;
char dest[5];

src = "This is a very ... long valid string";
len = strnlen(src, 5 - 1);
/* strlen(s) wouldn't overrun, but the next call would overflow */
memcpy(dest, src, len);
dest[len] = '\0';
But after thinking about it a second time, I think I'll remove it, and keep only overrun (and I like your text, I'll copy part of it), as the overflow is a problem of considering that the size of the buffers is going to be the same, and the solution is not to use strnlen(3), but to differentiate both sizes, which allows to detect truncation.
If the input string is known but the output buffer is small, I'd call strlen(str) and then MIN(len, bufsiz) (this is kind of equivalent to what strlcpy(3bsd) does). And if the input string is untrusted, I'd call strnlen(str, strsiz) and MIN(len, bufsiz) (this is kind of what strncpy_s(3) does). 





Any thoughts about adding the following?

NOTES
     Calling strlen with a NULL pointer is undefined behavior.



I'm waiting for Michael and/or Florian to comment on my proposal.
I don't want to fix a page and have 296 broken... I want to fix them all at once, but am not sure which solution to apply. 

But yes, adding a line like that one is likely.

Thanks!

Alex

--
Alejandro Colomar
Linux man-pages comaintainer; https://www.kernel.org/doc/man-pages/
http://www.alejandro-colomar.es/
[Index of Archives]     [Kernel Documentation]     [Netdev]     [Linux Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux