Date:      Wed, 12 Feb 1997 19:55:45 +1100
From:      Bruce Evans <bde@zeta.org.au>
To:        danny@panda.hilink.com.au, hackers@freebsd.org
Subject:   Re: strlen() question
Message-ID:  <199702120855.TAA07979@godzilla.zeta.org.au>

>Below is the code for strlen() from libc.  It is extremely simple, and
>fast. Is it really safe to assume that strlen() will never exceed process
>memory bounds before striking a '\0'?  Or should there be a strnlen()
>function in libc for checking the length of suspicious strings? 

The i386 version is actually in strlen.S.

Strings are nul-terminated by definition.  strlen() is only required to
work if its arg points to the first character of a string (this is a bit
different from strncpy(), which is required to work if its args point
to suitably large (not necessarily null terminated) character arrays).

If strlen()'s arg points to a non-terminated string, the behaviour
is undefined.  In systems with vm, the actual behaviour is probably
to cause a SIGSEGV or SIGBUS.  However, most improperly terminated
strings are usually terminated by a nul in garbage beyond them before
the end of the process's address space.

Some fancy implementations of strlen() access memory a word at a time.
They have to worry about accessing beyond the end of the string and
hitting the end of the address space.  On many systems, it is harmless
to access beyond the end provided that accesses are word aligned and
the first byte of the word is in the string.

There probably shouldn't be a strnlen() because suspicious strings
don't occur naturally.

Bruce
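The two points in the reply, shown as an added example that is not from this message nor from FreeBSD's strlen.S: a word-at-a-time strlen that first steps byte-wise to a word boundary so every multi-byte read is aligned and begins inside the string (the over-read never leaves the aligned word that holds the terminator), and a bounded length check for a character array that is not guaranteed to be terminated. The names word_strlen, bounded_strnlen, load_word and the sample buffer are assumptions made for this illustration; the zero-byte test is the usual (w - 0x01..01) & ~w & 0x80..80 trick, which reliably reports whether any byte is zero, after which a byte loop locates the exact position.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* 0x0101...01 and 0x8080...80 for whatever width uintptr_t has. */
#define ONES  ((uintptr_t)-1 / 0xFF)
#define HIGHS (ONES * 0x80)
/* Nonzero iff some byte of w is zero (exact for existence, not position). */
#define HAS_ZERO(w) ((((w) - ONES) & ~(w) & HIGHS) != 0)

/* Aligned word load through memcpy to avoid aliasing trouble. */
static uintptr_t load_word(const char *p)
{
    uintptr_t w;
    memcpy(&w, p, sizeof w);
    return w;
}

/* Word-at-a-time strlen: byte-step to alignment, then one word per step.
 * Every wide read is aligned and its first byte lies inside the string,
 * so the read stays within the same aligned word as the terminator. */
size_t word_strlen(const char *s)
{
    const char *p = s;

    while ((uintptr_t)p % sizeof(uintptr_t) != 0) {
        if (*p == '\0')
            return (size_t)(p - s);
        p++;
    }
    while (!HAS_ZERO(load_word(p)))
        p += sizeof(uintptr_t);
    /* The terminator is in this word; find which byte. */
    while (*p != '\0')
        p++;
    return (size_t)(p - s);
}

/* Bounded variant for arrays that may lack a terminator: never reads
 * past s[maxlen - 1], so an unterminated input cannot run off the end. */
size_t bounded_strnlen(const char *s, size_t maxlen)
{
    size_t n = 0;

    while (n < maxlen && s[n] != '\0')
        n++;
    return n;
}

/* Constructed sample input: a word-aligned, zero-padded buffer (so every
 * wide read in the test stays inside it) and a 4-byte array with no NUL. */
static const union { uintptr_t align; char bytes[32]; } sample =
    { .bytes = "hello, world" };
static const char unterminated[4] = { 'a', 'b', 'c', 'd' };

size_t demo_aligned_len(void)   { return word_strlen(sample.bytes); }
size_t demo_unaligned_len(void) { return word_strlen(sample.bytes + 3); }
size_t demo_empty_len(void)     { return word_strlen(sample.bytes + 12); }
size_t demo_bounded_len(void)   { return bounded_strnlen(unterminated, sizeof unterminated); }
size_t demo_bounded_full(void)  { return bounded_strnlen(sample.bytes, 100); }
```

The aligned-only guarantee is what makes the wide read tolerable: a word that begins inside the string cannot straddle a page boundary, so the bytes it pulls in past the terminator belong to the same page the string already touched. Sanitizers will still flag those bytes as an over-read of the object, which is why the sample buffer is padded here, and why a length function for data of unknown provenance takes an explicit bound instead.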


