bug-gnulib@gnu.org mirror (unofficial)
 help / color / mirror / Atom feed
From: Bruno Haible <bruno@clisp.org>
To: "Tim Rühsen" <tim.ruehsen@gmx.de>
Cc: ag <aga.chatzimanikas@gmail.com>, bug-gnulib@gnu.org
Subject: Re: string types
Date: Mon, 06 Jan 2020 13:46:53 +0100	[thread overview]
Message-ID: <8097572.G4CVgrrz2P@omega> (raw)
In-Reply-To: <9ac48e4c-9470-d64b-e14e-a3f66c9c00e1@gmx.de>

Hi Tim,

> >>>   - providing primitives for string allocation reduces the amount of buffer
> >>>     overflow bugs that otherwise occur in this area. [1]
> >>> [1] https://lists.gnu.org/archive/html/bug-gnulib/2019-09/msg00031.html
> > ...
> We created a 'catch them all' string/buffer type plus API. It is a good
> compromise for all kinds of situations, works like a memory buffer but
> is guaranteed 0-terminated, allows custom stack buffers with fallback to
> heap if to small.
> 
> https://gitlab.com/gnuwget/wget2/blob/master/libwget/buffer.c
> 
> 
> There also is a sprintf functionality (glibc compatible) using these
> buffers - and the operation is well faster than glibc's sprintf-like
> functions for all format strings tested (tested back a few years). The
> code is also much smaller (380 C code lines), the return values are
> size_t. It doesn't support float/double.
> 
> https://gitlab.com/gnuwget/wget2/blob/master/libwget/buffer_printf.c
> 
> If there is serious interest, I could prepare modules for gnulib.

It is interesting that your solution does not only cover the simple cases
(string concatenation, etc.), but also the more complex one, possibly
with if()s in the generation logic, and all this without blatant potential
for buffer overflow bugs.

So, the solution would consists of the following parts:
  (A) A growable buffer type, with up to N (128 or 1024 or so) bytes on
      the stack.
  (B) A set of functions for appending to such a growable buffer.
  (C) A function for creating a heap-allocated 'char *' from a growable
      buffer.
  (D) Short-hand functions for the simple cases (like string concatenation).

It would be good to have all these well integrated (in terms of function
names and calling conventions). So far, in gnulib, we have only pieces of
it:
  - Module 'scratch_buffer' is (A) without (B), (C), (D).
  - Modules 'vasnprintf', 'asprintf' are (B), (C), (D) but without (A).

Before you start writing the code, it's worth looking at the following
questions:
  * Should the module 'scratch_buffer' be reused for (A)? Or is this
    not possible? If not, can it still have a memory-leak prevention
    like described in lib/malloc/scratch_buffer.h?
  * What about reusing the complete vasnprintf.c for (B), rather than
    adding another, limited printf-like implementation?
  * Is it best to implement (D) based on (A), (B), (C), or directly
    from scratch?

Bruno



  reply	other threads:[~2020-01-06 12:47 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-17 13:45 hard-locale: make multithread-safe Bruno Haible
2019-12-17 14:08 ` Tim Rühsen
     [not found]   ` <20191226221225.GA800@HATZ>
2019-12-27 10:51     ` string types Bruno Haible
2019-12-28 13:14       ` ag
2019-12-28 18:28         ` Paul Eggert
2019-12-28 20:44           ` ag
2019-12-28 22:40             ` Paul Eggert
2019-12-29  9:19         ` Bruno Haible
2019-12-29 17:13           ` ag
2019-12-29 20:02           ` ag
2019-12-29 21:24       ` Tim Rühsen
2019-12-31  9:53         ` Bruno Haible
2020-01-06 10:34           ` Tim Rühsen
2020-01-06 12:46             ` Bruno Haible [this message]
2020-01-06 16:08               ` Tim Rühsen
2020-01-06 16:49                 ` Tim Rühsen
2019-12-18  1:45 ` hard-locale: make multithread-safe Paul Eggert
2019-12-18  8:51   ` Bruno Haible
2019-12-21  6:33     ` Bruno Haible
2019-12-18 10:29   ` LC_COLLATE in the C locale Bruno Haible
2019-12-18 16:27     ` Paul Eggert
2019-12-18 10:46   ` hard-locale: make multithread-safe Bruno Haible
2019-12-24 23:36     ` Bruno Haible

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://lists.gnu.org/mailman/listinfo/bug-gnulib

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=8097572.G4CVgrrz2P@omega \
    --to=bruno@clisp.org \
    --cc=aga.chatzimanikas@gmail.com \
    --cc=bug-gnulib@gnu.org \
    --cc=tim.ruehsen@gmx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).