GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

Notices

  1. Alan Coopersmith (alanc@fosstodon.org)'s status on Saturday, 27-Jul-2024 09:42:27 JST

    In https://www.openwall.com/lists/oss-security/2024/07/26/1 I commented:

    "Note that asprintf() and vasprintf() are part of the POSIX.1-2024 standard which was officially published last month, so these are no longer system-specific extensions:

    https://pubs.opengroup.org/onlinepubs/9799919799/functions/asprintf.html
    https://pubs.opengroup.org/onlinepubs/9799919799/functions/vasprintf.html

    though they are not yet part of the C standard itself."

    To ask the #POSIX committee to add them, I just had to submit https://austingroupbugs.net/view.php?id=1496

    I wish it was that easy to ask the C committee, instead of having to write a paper for it.

    In conversation about 11 months ago from fosstodon.org permalink

    Attachments

    1. oss-security - GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow

    2. Austin Group Defect Tracker
    • Haelwenn /элвэн/ :triskell: likes this.
    • Alan Coopersmith (alanc@fosstodon.org)'s status on Saturday, 27-Jul-2024 09:43:10 JST

      As @solardiz noted in the followup post at https://www.openwall.com/lists/oss-security/2024/07/26/2 the standard unfortunately allowed the GNU libc behavior of not guaranteeing the pointer would be NULL on failure, requiring users to check the return value, despite all the known non-GNU implementations guaranteeing to set it to NULL on failure, meaning that even though the standard requires asprintf() be provided, portable software still has to be aware of the different implementations.

      In conversation about 11 months ago permalink

      Attachments

      1. oss-security - Re: GStreamer Security Advisory 2024-0003: Orc compiler stack-based buffer overflow
      Haelwenn /элвэн/ :triskell: likes this.
    • Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Saturday, 27-Jul-2024 09:56:20 JST
      @alanc @solardiz I guess as Ulrich Drepper pointed out, you'd need to check the return value before using *ptr, which makes a bit of sense to me although it's a footgun for asprintf to not make *ptr NULL in case of error.
      At least I think it's doable for static analyzers to require error checking for asprintf and I guess if it gets into ISO C with the same problem, for compilers to do the check.
      In conversation about 11 months ago permalink
    • Alan Coopersmith (alanc@fosstodon.org)'s status on Sunday, 28-Jul-2024 07:52:43 JST
      in reply to Haelwenn /элвэн/ :triskell:

      @lanodan certainly the GNU libc maintainers could add attribute(warn_unused_result) to the asprintf prototype in their header files if they want to insist on this.

      In conversation about 11 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Sunday, 28-Jul-2024 08:06:45 JST

      @alanc Right, always forget about attributes, too used to using standards as sole target and documentation.
      At least C23 (yet to be released) should add [[nodiscard]].

      In conversation about 11 months ago permalink
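
Added example, not part of the thread and not code from any libc: a C wrapper combining the two points raised above, setting `*strp` to NULL whenever the call fails and marking the return value with `__attribute__((warn_unused_result))` (the GCC/Clang spelling). The names `xasprintf_with`, `failing_vasprintf`, `failure_yields_null` and `success_still_formats` are hypothetical, and the failing implementation is a constructed stand-in for one that leaves the pointer untouched on error.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* POSIX.1-2024 prototype, repeated so no feature-test macro is needed. */
int vasprintf(char **strp, const char *fmt, va_list ap);
typedef int (*vasprintf_fn)(char **, const char *, va_list);

/* Hypothetical wrapper: whatever impl leaves in *strp on failure, the caller
 * sees NULL; warn_unused_result makes GCC/Clang flag ignored return values. */
__attribute__((warn_unused_result, format(printf, 3, 4)))
static int xasprintf_with(vasprintf_fn impl, char **strp, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = impl(strp, fmt, ap);
    va_end(ap);
    if (n < 0)
        *strp = NULL; /* never expose an indeterminate pointer */
    return n;
}

/* Constructed stand-in: fails and leaves *strp untouched. */
static int failing_vasprintf(char **strp, const char *fmt, va_list ap) {
    (void)strp; (void)fmt; (void)ap;
    return -1;
}

/* Returns 1 if a stale pointer is replaced by NULL after the failure. */
static int failure_yields_null(void) {
    static char stale[] = "stale";
    char *p = stale;
    int n = xasprintf_with(failing_vasprintf, &p, "%d", 42);
    return n < 0 && p == NULL;
}

/* Returns 1 if the success path through the real vasprintf() still works. */
static int success_still_formats(void) {
    char *p = NULL;
    int n = xasprintf_with(vasprintf, &p, "%s-%d", "orc", 7);
    int ok = n == 5 && p != NULL && strcmp(p, "orc-7") == 0;
    free(p);
    return ok;
}

int main(void) {
    printf("failure -> NULL: %d, success: %d\n",
           failure_yields_null(), success_still_formats());
    return 0;
}
```

Passing the implementation as a function pointer is only there so the failure path can be exercised deterministically; a production wrapper would call `vasprintf()` directly.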

GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.