From: Adhemerval Zanella
To: Paul Eggert
Cc: libc-alpha@sourceware.org, bug-gnulib@gnu.org
Subject: Re: [PATCH v3 4/6] stdlib: Sync canonicalize with gnulib [BZ #10635] [BZ #26592] [BZ #26341] [BZ #24970]
Date: Mon, 4 Jan 2021 09:52:10 -0300
Message-ID: <35be46d6-1b5a-b1f9-c3db-0956448c55ae@linaro.org>
In-Reply-To: <275283e0-70ee-5ea4-e63d-d0f1d1393667@cs.ucla.edu>

On 01/01/2021 21:04, Paul Eggert wrote:
> On 12/30/20 5:10 AM, Adhemerval Zanella wrote:
>
>>> it is just really
>>> a small optimization that adds code complexity on a somewhat convoluted
>>> code.
>
> The code is indeed simpler without the NARROW_ADDRESSES optimization, so I removed that optimization by installing the attached patch into Gnulib.
>
>>> For ENAMETOOLONG, I think this is the right error code: it enforces
>>> that we do not support internal objects longer than PTRDIFF_MAX.
>
> This sounds backwards, as the code returns ENOMEM every other place it tries to create an internal object longer than PTRDIFF_MAX - these ENOMEM checks are in the malloc calls invoked by scratch_buffer_grow and scratch_buffer_grow_preserve. It would be odd for canonicalize_file_name to return ENAMETOOLONG for this one particular way of creating a too-large object, while at the same time it returns ENOMEM for all the other ways.
>
> Besides, ENAMETOOLONG is the POSIX error code for exceeding NAME_MAX or PATH_MAX, which is not what is happening here.
>
> In Gnulib and other GNU apps we've long used the tradition that ENOMEM means you've run out of memory, regardless of whether it's because your heap or your address space is too small. This is a good tradition and it'd be good to use it here too.

Right, I think we can now assume that since the implementation does not really impose any NAME_MAX or PATH_MAX limitations, returning memory allocation errors instead of ENAMETOOLONG is ok.

I will adjust the stdlib/test-bz22786.c; it will require slightly larger runtime and memory requirements (which should be ok).

>
>>> I think it should be a fair assumption to make it on internal code, such
>>> as realpath
>
> Yes, staying less than PTRDIFF_MAX is a vital assumption on internal objects. I'd go even further and say it's important for user-supplied objects, too, as so much code relies on pointer subtraction and we can't realistically prohibit that within glibc.

We do enforce it through memory allocations; however, users can still craft such objects using mmap (some libcs do impose the same PTRDIFF_MAX limit on mmap as well).

>
>> (this is another reason why I think NARROW_ADDRESSES is not necessary).
>
> Unfortunately, if we merely assume every object has at most PTRDIFF_MAX bytes, we still must check for overflow when adding the sizes of two objects. The NARROW_ADDRESSES optimization would have let us avoid that unnecessary check on 64-bit machines.
>
>> And your fix (from 93e0186d4) does not really solve the issue, since
>> now that len is a size_t the overflow check won't catch the potential
>> allocation larger than PTRDIFF_MAX (the realpath will still fail with
>> ENOMEM though).
>
> Sure, which means the code is doing the right thing: it's failing with ENOMEM because it ran out of memory. There is no need for an extra PTRDIFF_MAX check in canonicalize.c if malloc (via scratch_buffer_grow) already does the check.
>> Wouldn't the below be simpler?
>>
>>                size_t len = strlen (end);
>>                if (len > IDX_MAX || INT_ADD_OVERFLOW ((idx_t) len, n))
>>                  {
>>                    __set_errno (ENAMETOOLONG);
>>                    goto error_nomem;
>>                  }
>
> It's not simpler than the attached Gnulib patch, because it contains an unnecessary comparison to IDX_MAX and an unnecessary cast to idx_t.

The extra comparison might avoid the scratch_buffer resize that will fail (since malloc will fail trying to allocate a PTRDIFF_MAX object), but it will be used only when such objects are provided (which depending on the system should not happen).

Thanks, I synced with the most recent gnulib version.
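
The size checks discussed in this message, side by side, as an added example that is not part of the original mail or of the glibc or Gnulib sources. It assumes GCC or Clang (for `__builtin_add_overflow`); `add_size_t`, `add_idx` and `alloc_bounded` are hypothetical names, the last one modelling the PTRDIFF_MAX limit that the thread attributes to malloc.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef ptrdiff_t idx_t;   /* signed size/index type, as in Gnulib */

/* size_t addition: reports only wraparound past SIZE_MAX, so a sum in
   (PTRDIFF_MAX, SIZE_MAX] comes back as if it were a valid size.  */
bool add_size_t (size_t len, size_t n, size_t *sum)
{
  return __builtin_add_overflow (len, n, sum);
}

/* Mixed-type addition into idx_t: the builtin forms the exact sum and
   reports failure when it does not fit in idx_t, so LEN needs neither a
   cast nor a separate comparison against PTRDIFF_MAX.  */
bool add_idx (size_t len, idx_t n, idx_t *sum)
{
  return __builtin_add_overflow (len, n, sum);
}

/* Hypothetical wrapper modelling the allocator-side limit described in
   the thread: requests above PTRDIFF_MAX fail with ENOMEM.  */
void *alloc_bounded (size_t size)
{
  if (size > PTRDIFF_MAX)
    {
      errno = ENOMEM;
      return NULL;
    }
  return malloc (size);
}

int main (void)
{
  size_t len = PTRDIFF_MAX, s;   /* constructed: largest valid object size */
  idx_t n = 1, t;
  printf ("size_t add flags it: %d\n", add_size_t (len, (size_t) n, &s));
  printf ("idx_t add flags it:  %d\n", add_idx (len, n, &t));
  printf ("allocator rejects:   %d\n", alloc_bounded (s) == NULL && errno == ENOMEM);
  return 0;
}
```

With the constructed sizes, the size_t addition lets PTRDIFF_MAX + 1 through and the request is refused only at allocation time, while the idx_t addition flags it immediately; both paths end in ENOMEM.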