Date: Wed, 13 Dec 2000 09:25:51 +0000 (GMT)
From: Terry Lambert <tlambert@primenet.com>
To: phk@critter.freebsd.dk (Poul-Henning Kamp)
Cc: tlambert@primenet.com (Terry Lambert), kris@citusc.usc.edu, des@ofug.org (Dag-Erling Smorgrav), arch@FreeBSD.ORG
Subject: Re: Safe string formatting in the kernel
Message-ID: <200012130925.CAA27496@usr08.primenet.com>
In-Reply-To: <88311.976699218@critter> from "Poul-Henning Kamp" at Dec 13, 2000 10:20:18 AM
> >> I don't necessarily see that as a bad thing :-)
> >>
> >> The main trouble is bad syscall API design: All strings should be
> >> passed by pointer+length, rather than asciiz semantics.
> >
> >DEFINITELY.
> >
> >This would let you do the allocation based on peeking at the
> >size prior to copying the whole string in. Count prefix strings
> >are one thing the C language has been missing for years.
>
> ...unfortunately, just like many other good things, we can't
> easily change the API of things like open(2)...

Why not? The open(2) call is a library stub anyway; I'm strongly
of the opinion that POSIX semantics are a near useless subset of
the desirable semantics, and map a tiny amount of the problem
space. They probably deserve to be in libc, rather than fossilized
into the system call interface.

For example, the idea of a synchronous system call is really an
asynchronous call plus an aiowait on the call status structure...
it would sure make it a hell of a lot easier to implement a
threads library.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
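An added example, not from this thread or from FreeBSD's own sources, to show the allocation-before-copy point from the quoted exchange: a bounded asciiz copy (modelled on the behaviour of the kernel's copyinstr(9), which must scan for the NUL while copying and can only report overlength after the fact) beside a pointer+length copy that checks the limit and sizes its buffer before touching a single byte. The names copy_asciiz and copy_counted are hypothetical.

```c
/* Constructed user-space model; not kernel code. */
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Asciiz form: the length is unknown until the NUL is found, so the copy
 * and the scan are one loop bounded by maxlen. Never reads beyond maxlen
 * bytes of src. Returns 0 on success or ENAMETOOLONG when no NUL appears
 * within maxlen; by then maxlen bytes have already been copied into dst. */
int copy_asciiz(const char *src, char *dst, size_t maxlen, size_t *outlen)
{
    size_t i;
    for (i = 0; i < maxlen; i++) {
        dst[i] = src[i];
        if (src[i] == '\0') {
            if (outlen != NULL)
                *outlen = i + 1;          /* bytes stored, NUL included */
            return 0;
        }
    }
    return ENAMETOOLONG;
}

/* Counted form: the length travels with the pointer, so the limit check
 * and the exact-size allocation happen before any data is copied, and an
 * oversized string is rejected without a fixed-size scratch buffer. */
int copy_counted(const char *src, size_t len, size_t maxlen, char **out)
{
    char *buf;

    if (len >= maxlen)                    /* keep room for a trailing NUL */
        return ENAMETOOLONG;
    buf = malloc(len + 1);
    if (buf == NULL)
        return ENOMEM;
    memcpy(buf, src, len);                /* embedded NULs are just data */
    buf[len] = '\0';
    *out = buf;
    return 0;
}
```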