Subject: Re: [PATCH 1/3] : Add type safety and port to Hurd
To: Florian Weimer
Cc: libc-alpha@sourceware.org, Samuel Thibault
References: <61b49643-9c7b-7060-6eb7-21060dd6e22f@cs.ucla.edu> <87wo8oxa63.fsf@oldenburg2.str.redhat.com>
From: Paul Eggert
Date: Sat, 15 Feb 2020 16:02:28 -0800
In-Reply-To: <87wo8oxa63.fsf@oldenburg2.str.redhat.com>

On 2/15/20 5:16 AM, Florian Weimer wrote:
> INT_STRLEN_BOUND is 11, right?

Yes, it's a bound on the string length of a printed int, and that's 11 in
the typical case of 32-bit int because the int might be negative. I didn't
lose sleep over the wasted byte, but if we want a tighter bound then we
could use INT_STRLEN_BOUND (int) - 1 instead. However, it might be better
to leave it alone so that we can use the code below.

> The problem is when an application passes an invalid descriptor to some
> libc function and that ends up with __fd_to_filename. We should not
> make matters worse in that case.

If it's not a precondition that the descriptor is nonnegative, we can't
simply return a copy of FD_TO_FILENAME_PREFIX as that's an existing
filename. Instead, how about the following? It uses a randomish garbage
filename beginning with "-" which should be good enough, and it doesn't
cost a conditional branch to handle negative descriptors.

#include <string.h>   /* mempcpy, strlen (mempcpy needs _GNU_SOURCE) */
/* FD_TO_FILENAME_PREFIX and struct fd_to_filename come from the
   <fd_to_filename.h> header this patch series adds; the buffer is
   sizeof (FD_TO_FILENAME_PREFIX) + INT_STRLEN_BOUND (int) bytes.  */

char *
__fd_to_filename (int descriptor, struct fd_to_filename *storage)
{
  /* Copy the whole prefix, including its trailing '/'; a "- 1" here
     would only be right with sizeof, not strlen.  */
  char *p = mempcpy (storage->buffer, FD_TO_FILENAME_PREFIX,
                     strlen (FD_TO_FILENAME_PREFIX));

  /* If DESCRIPTOR is negative, arrange for the filename to not exist
     by prepending any byte other than '/', '.', '\0' or an ASCII digit.
     The rest of the filename will be gibberish that fits.  */
  *p = '-';
  p += descriptor < 0;

  /* First pass: advance P past the number of digits DESCRIPTOR needs
     (d /= 10 truncates toward zero, so this also counts the digits of
     a negative value's magnitude).  */
  for (int d = descriptor; p++, (d /= 10) != 0; )
    continue;
  *p = '\0';
  /* Second pass: write the digits right to left.  For negative D,
     d % 10 is in -9..0, which yields the gibberish mentioned above.  */
  for (int d = descriptor; *--p = '0' + d % 10, (d /= 10) != 0; )
    continue;
  return storage->buffer;
}
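An added, self-contained check of the two properties the message relies on (the result always fits the buffer, even for INT_MIN, and a negative descriptor can never name a real /proc/self/fd entry). This is not code from the patch series; the prefix, the INT_STRLEN_BOUND formula (shaped after gnulib's intprops) and the struct are assumed reconstructions, and memcpy stands in for mempcpy so it builds without _GNU_SOURCE.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Assumed reconstruction of the header under discussion.  */
#define INT_STRLEN_BOUND(t) \
  (((sizeof (t) * CHAR_BIT - 1) * 146 / 485) + 2)   /* 11 for 32-bit int */
#define FD_TO_FILENAME_PREFIX "/proc/self/fd/"
struct fd_to_filename
{
  char buffer[sizeof (FD_TO_FILENAME_PREFIX) + INT_STRLEN_BOUND (int)];
};

/* Same algorithm as the message: '-' is written unconditionally but only
   kept (p advanced) when DESCRIPTOR is negative; two passes print it.  */
char *
fd_to_filename (int descriptor, struct fd_to_filename *storage)
{
  size_t plen = strlen (FD_TO_FILENAME_PREFIX);
  memcpy (storage->buffer, FD_TO_FILENAME_PREFIX, plen);
  char *p = storage->buffer + plen;
  *p = '-';
  p += descriptor < 0;
  for (int d = descriptor; p++, (d /= 10) != 0; )
    continue;
  *p = '\0';
  for (int d = descriptor; *--p = '0' + d % 10, (d /= 10) != 0; )
    continue;
  return storage->buffer;
}

/* Returns 1 if the name fits the buffer (NUL included) and is either the
   exact decimal of a nonnegative DESCRIPTOR or, for a negative one, starts
   with '-' right after the prefix so no path component can be a digit string
   (the gibberish after it may contain '/' or '.', which is why the leading
   byte matters).  */
int
fd_filename_is_safe (int descriptor)
{
  struct fd_to_filename st;
  const char *name = fd_to_filename (descriptor, &st);
  size_t plen = strlen (FD_TO_FILENAME_PREFIX);
  if (strlen (name) >= sizeof st.buffer
      || strncmp (name, FD_TO_FILENAME_PREFIX, plen) != 0)
    return 0;
  if (descriptor < 0)
    return name[plen] == '-';
  char expect[INT_STRLEN_BOUND (int) + 1];
  snprintf (expect, sizeof expect, "%d", descriptor);
  return strcmp (name + plen, expect) == 0;
}
```

Running fd_to_filename on -1 yields "/proc/self/fd/-/", showing the '/' that the gibberish can contain; INT_MIN uses all 26 bytes of the buffer.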