From: dewar@cs.nyu.edu (Robert Dewar)
Subject: Re: ANSI C and POSIX (was Re: C/C++ knocks the crap out of Ada)
Date: 1996/04/08
References: <4k9qhe$65r@solutions.solon.com> <4kb2j8$an0@solutions.solon.com>
Organization: Courant Institute of Mathematical Sciences
Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.edu

Peter said

"How? No offense meant, but any code which can be affected by this is flat out broken. POSIX-style read is to be given a pointer to at least nbytes of space, for the information read. Period."

That's really confusing; the code in question DID give a buffer large enough to hold nbytes of data, where nbytes is the number of bytes for "the information read". Maybe I don't understand, but reading the above sentence, it sounds like you would be surprised by the Linux behavior.

Here is the exact case. We declare a buffer of 100 bytes. We read 1000 bytes from a file whose total length is 68 bytes. On all systems that we had experience with other than Linux, this worked fine: the first 68 bytes of the buffer are filled, and the remaining 32 bytes are unused. I am not claiming this is "correct" code in some abstract sense. I certainly can't tell that it is wrong from the definitions I have of the read function.

What I am claiming is that this worked on all systems we tried it on, and then failed on Linux. I am not saying Linux is wrong here, just that its behavior was surprising! The code in question made 100% sure that the data read would never exceed the buffer size, and I would have been hard pressed to determine that the code was incorrect.

I am not sure that POSIX is relevant here; almost none of the systems on which we ran claimed POSIX compliance. Peter, can you post the POSIX wording on read? I don't have it at hand. Does it in fact make it clear that the Linux behavior is correct and that the program was wrong?

Let's suppose that the POSIX standard does in fact make it clear that the Linux behavior is correct. I still think the check is unwise (note that the check is not against the actual size of the buffer given, which is of course impossible in C; it is against the end of the address range of the data area). It's a good example of the kind of principle I mentioned before. Since almost all systems allow the program I described above to work correctly, and it is manifestly safe programming even if the check is not present, I think it would be a better choice for Linux not to do this extra check.
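The case argued over above (a 100-byte buffer, a 68-byte file, a read count larger than the buffer), as an added C example that is not part of Dewar's post: the count handed to read() is bounded by the buffer itself, so the outcome does not depend on how, or whether, a given kernel checks the destination address range, and a file larger than the buffer is reported as truncated rather than overrunning it. The temp-file fixture is constructed here, and the names `read_bounded` and `demo_read` are my own.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define BUF_SIZE 100

/* Read the file at `path` into a fixed 100-byte buffer. The count handed to
 * read() is the space left in the buffer, never a larger "expected" size, so
 * the kernel is never asked to write past the buffer, however (or whether)
 * it checks the destination range. A short read at end of file is normal.
 * Returns bytes stored or -1; *truncated is set if the file was larger. */
ssize_t read_bounded(const char *path, char buf[BUF_SIZE], int *truncated)
{
    int fd = open(path, O_RDONLY); if (fd < 0) return -1;
    size_t total = 0;
    *truncated = 0;
    while (total < BUF_SIZE) {
        ssize_t n = read(fd, buf + total, BUF_SIZE - total);
        if (n < 0) { if (errno == EINTR) continue; close(fd); return -1; }
        if (n == 0) break;                /* end of file */
        total += (size_t)n;
    }
    if (total == BUF_SIZE) {              /* buffer full: does the file go on? */
        char probe;
        if (read(fd, &probe, 1) > 0) *truncated = 1;
    }
    close(fd);
    return (ssize_t)total;
}

/* Constructed fixture: write `file_len` bytes (at most 256) of 'x' to a temp
 * file and read it back through read_bounded(). Returns bytes stored. */
static int g_truncated;
ssize_t demo_read(size_t file_len, int *truncated)
{
    char path[] = "/tmp/read_demo_XXXXXX";
    char data[256];
    if (file_len > sizeof data) return -1;
    memset(data, 'x', sizeof data);
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    if (write(fd, data, file_len) != (ssize_t)file_len) { close(fd); unlink(path); return -1; }
    close(fd);
    char buf[BUF_SIZE];
    ssize_t got = read_bounded(path, buf, truncated);
    unlink(path);
    return got;
}
```

With the 68-byte file the call stores 68 bytes and leaves the last 32 untouched, exactly the result the post describes, but by construction rather than by relying on the kernel's range check.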