• Is a clarification request needed for mbstowcs writing beyond 0?

    From Philipp Klaus Krause@21:1/5 to All on Mon May 11 17:33:56 2020
    size_t mbstowcs(wchar_t *restrict pwcs, const char *restrict s, size_t n);

    According to my interpretation of the specification of mbstowcs (and
    wcstombs) in the C standard, these functions are not allowed to write
    beyond a terminating 0. The question was discussed in comp.lang.c today.
    So far, it seems everyone agrees.

    However, Ubuntu does not. On Ubuntu 18.04 with all GCC versions I tried
    (5.5.0, 6.5.0, 7.5.0, 8.4.0), these functions will write up to n bytes,
    i.e. beyond a 0 in the string.
    On the other hand GCC and LLVM on Debian, and LLVM on Ubuntu will not
    write after a terminating 0.

    The GNU/Linux manual page states
    "size_t mbstowcs(wchar_t *dest, const char *src, size_t n); […]
    The programmer must ensure that there is room for at least n wide
    characters at dest."

    So clearly, people interpret the specification of these C functions differently.

    I guess we need a proposal to make WG14 decide and clarify?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
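One way to check a given libc and compiler configuration for the behaviour described in this post, as an added example that is not part of the original thread. The names `elements_written_past_end`, `CAP` and `CANARY` and the sample input are hypothetical; the destination always has room for n wide characters, as the manual page quoted above requires.

```c
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>

#define CAP 32                    /* destination capacity in wide characters */
#define CANARY ((wchar_t)0x5A5A)  /* constructed fill value, absent from the sample input */

/* Convert src with mbstowcs(dest, src, n), n <= CAP, and count how many
 * destination elements beyond the last one the call is expected to store
 * no longer hold the canary. Returns -1 on bad n or conversion failure. */
int elements_written_past_end(const char *src, size_t n, size_t *converted)
{
    wchar_t dest[CAP];
    size_t i, first_untouched, ret;
    int modified = 0;

    if (n > CAP)
        return -1;                /* never promise more room than dest has */
    for (i = 0; i < CAP; i++)
        dest[i] = CANARY;

    ret = mbstowcs(dest, src, n);
    if (ret == (size_t)-1)
        return -1;                /* invalid multibyte sequence */
    if (converted)
        *converted = ret;

    /* ret < n: ret characters plus the terminating 0 were stored.
     * ret == n: the limit was reached and no terminator was stored. */
    first_untouched = (ret < n) ? ret + 1 : n;
    for (i = first_untouched; i < CAP; i++)
        if (dest[i] != CANARY)
            modified++;
    return modified;
}

int main(void)
{
    size_t got = 0;
    int past = elements_written_past_end("hello", 16, &got);  /* constructed input */

    printf("converted=%zu, elements modified past the terminator=%d\n", got, past);
    return past != 0;             /* non-zero exit if anything past the 0 changed */
}
```

Building it once with and once without `-D_FORTIFY_SOURCE=2` (with optimisation enabled) compares the two modes mentioned later in the thread.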
  • From Philipp Klaus Krause@21:1/5 to All on Mon May 11 21:02:55 2020
    On 11.05.20 at 20:27, Florian Weimer wrote:
    > I don't think there is much ambiguity in the standard (at least when
    > compared to other areas). This is a glibc documentation issue
    > (the non-default _FORTIFY_SOURCE=2 mode is not standards-conforming).

    Thanks. Indeed the glibc manual currently only states "If this macro is
    defined to 1, security hardening is added to various library functions.
    If defined to 2, even stricter checks are applied."

  • From Florian Weimer@21:1/5 to All on Mon May 11 20:27:57 2020
    * Philipp Klaus Krause:

    > size_t mbstowcs(wchar_t *restrict pwcs, const char *restrict s, size_t n);
    >
    > According to my interpretation of the specification of mbstowcs (and
    > wcstombs) in the C standard, these functions are not allowed to write
    > beyond a terminating 0. The question was discussed in comp.lang.c today.
    > So far, it seems everyone agrees.
    >
    > However, Ubuntu does not. On Ubuntu 18.04 with all GCC versions I tried
    > (5.5.0, 6.5.0, 7.5.0, 8.4.0), these functions will write up to n bytes,
    > i.e. beyond a 0 in the string.
    > On the other hand GCC and LLVM on Debian, and LLVM on Ubuntu will not
    > write after a terminating 0.
    >
    > The GNU/Linux manual page states
    > "size_t mbstowcs(wchar_t *dest, const char *src, size_t n); […]
    > The programmer must ensure that there is room for at least n wide
    > characters at dest."
    >
    > So clearly, people interpret the specification of these C functions differently.
    >
    > I guess we need a proposal to make WG14 decide and clarify?

    I don't think there is much ambiguity in the standard (at least when
    compared to other areas). This is a glibc documentation issue
    (the non-default _FORTIFY_SOURCE=2 mode is not standards-conforming).
