Date: Thu, 13 Feb 1997 10:29:58 -0600 (CST)
From: Richard Neswold
Subject: Re: strlen() question, maybe str*cpy
In-reply-to: <199702130437.UAA17244@freefall.freebsd.org>
To: hackers@freefall.freebsd.org
Reply-to: neswold@FNAL.GOV

> From: Ken Wong
>
> On Wed, 12 Feb 1997, J Wunsch wrote:
> > Why? The worst that would happen by touching off the end of your
> > address space is a SIGSEGV. The problem with str*cpy() touching
> > beyond the bounds of their arrays is that they can _modify_ the stack
> > then, but that can't happen with strlen() since it doesn't modify
> > anything.
>
> why isn't the str*cpy check the BP (base pointer?) register
> and use it to guard against stack overwrite?

Because it slows down the routine.

Because it would make it i386-specific (which would be a hassle for
people planning on porting FreeBSD to other platforms.)

Because it doesn't protect against all types of range errors, like

    #include <string.h>

    void func(char const *str)
    {
        static char buf[100];

        strcpy(buf, str);    /* no length check */
    }

In the above example, the copying might not reach the BP register but
still could overrun the static buffer and destroy other variables.

Rich

========================================================================
Richard Neswold, Accelerator Div./Controls Dept | neswold@fnal.gov
Fermilab, PO Box 500, MS 347, Batavia, IL 60510 | voice (630) 840-3454
'finger neswold@aduxb.fnal.gov' for PGP key     | fax   (630) 840-3093
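
Added example, not part of the original message: the static-buffer case above, showing an overrun that changes a neighbouring variable without going near a stack frame, next to a copy that checks the destination size first. The struct region, its flag member and all function names are hypothetical; the struct stands in for adjacent static storage because real linker placement is unspecified, and the input is constructed.

```c
#include <stddef.h>
#include <string.h>

/* Constructed layout: a 100-byte buffer followed by an unrelated variable,
 * standing in for the post's static buf and whatever is placed after it. */
struct region {
    char buf[100];
    int  flag;                       /* hypothetical neighbouring variable */
};

static struct region r;              /* static storage: not on the stack */

/* Models an unchecked strcpy() into r.buf, clamped to the enclosing object
 * so the demo stays defined: bytes past buf[99] land in r.flag. */
static int unchecked_copy(const char *src)
{
    size_t n = strlen(src) + 1;      /* include the terminating NUL */
    if (n > sizeof r) n = sizeof r;
    memcpy((char *)&r, src, n);
    return 0;
}

/* Hardened form: check the destination size before writing anything and
 * reject oversized input instead of truncating it silently. */
static int checked_copy(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src) + 1;
    if (n > dstsize) return -1;
    memcpy(dst, src, n);
    return 0;
}

/* Copies a constructed 103-character input one way or the other;
 * stores the copy's return code in *rc and returns r.flag afterwards. */
int flag_after_copy(int use_checked, int *rc)
{
    char input[104];
    memset(input, 'A', sizeof input - 1);
    input[sizeof input - 1] = '\0';
    memset(&r, 0, sizeof r);
    *rc = use_checked ? checked_copy(r.buf, sizeof r.buf, input)
                      : unchecked_copy(input);
    return r.flag;
}

int main(void)
{
    int rc;
    return !(flag_after_copy(0, &rc) != 0 && flag_after_copy(1, &rc) == 0);
}
```

A frame-pointer check inside the copy routine would pass in the unchecked case, since no saved register is ever written; only the size check catches it.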