Page MenuHomeFreeBSD
Differential D39687

libc: Add missing size check to qsort_s(3)
ClosedPublic
Actions

Authored by hselasky on Apr 19 2023, 10:24 AM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, May 17, 12:54 AM
Unknown Object (File)
Apr 8 2024, 5:36 PM
Unknown Object (File)
Mar 18 2024, 6:03 AM
Unknown Object (File)
Jan 17 2024, 6:25 AM
Unknown Object (File)
Jan 14 2024, 7:01 AM
Unknown Object (File)
Dec 18 2023, 10:54 AM
Unknown Object (File)
Nov 27 2023, 12:51 PM
Unknown Object (File)
Nov 23 2023, 7:43 AM
View All 29 Files
Subscribers
None

Details

Reviewers
kib
delphij
imp
emaste
hselasky
Commits
rGee5121192a77: libc: Add missing object size check to qsort_s(3)
rG27bb0d337c0d: libc: Add missing object size check to qsort_s(3)
Summary

I find it very strange both the C11 standard
(ISO/IEC 9899:2011, K.3.6.3.2) and the ISO/IEC JTC1 SC22 WG14 N1172 standard,
does not define sorting an array having objects of zero size,
as undefined behaviour.

Add proper checks for this. Found while working on bsort(3).

MFC after: 1 week
Sponsored by: NVIDIA Networking

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

hselasky requested review of this revision.Apr 19 2023, 10:24 AM
hselasky created this revision.

Can I have a quick go on this one?

hselasky added a comment.Apr 19 2023, 10:27 AM

The qsort code actually use the object size for advancing for loops, so clearly we should catch this regardless of ISO definitions.

hselasky added a reviewer: emaste.Apr 19 2023, 10:32 AM
hselasky edited the summary of this revision. (Show Details)Apr 19 2023, 10:51 AM
emaste added a comment.Apr 19 2023, 12:52 PM

Interesting, https://en.cppreference.com/w/c/algorithm/qsort

Unlike other bounds-checked functions, qsort_s does not treat arrays of zero size as a runtime constraint violation and instead returns successfully without altering the array

I'd take this to mean n == 0 but I think it's ambiguous; their previous use of size is in reference to element size.

But Microsoft's docs https://github.com/MicrosoftDocs/cpp-docs/blob/main/docs/c-runtime-library/reference/qsort-s.md explicitly show width <= 0 as EINVAL.

I think your change is good.

kib accepted this revision.Apr 19 2023, 1:18 PM
kib added inline comments.
lib/libc/stdlib/qsort.3
273–277
This revision is now accepted and ready to land.Apr 19 2023, 1:18 PM
hselasky added a comment.Apr 19 2023, 1:20 PM

@emaste : "<= 0" is for the future, in case the type changes to be signed.

emaste accepted this revision.Apr 19 2023, 1:21 PM
emaste added a comment.Apr 19 2023, 1:21 PM
In D39687#903226, @hselasky wrote:

@emaste : "<= 0" is for the future, in case the type changes to be signed.

Yep, my point is just that the MS docs already have exactly this case.

hselasky accepted this revision.Apr 19 2023, 1:26 PM
hselasky marked an inline comment as done.

Thank you for your reviews!

Closed by commit rG27bb0d337c0d: libc: Add missing object size check to qsort_s(3) (authored by hselasky). · Explain WhyApr 19 2023, 1:37 PM
This revision was automatically updated to reflect the committed changes.
hselasky added a commit: rG27bb0d337c0d: libc: Add missing object size check to qsort_s(3).
hselasky added a commit: rGee5121192a77: libc: Add missing object size check to qsort_s(3).Apr 30 2023, 6:59 AM

Revision Contents
Changeset List

PathSize
lib/
libc/
stdlib/
10 lines
4 lines

Diff 120649

View Options

lib/libc/stdlib/qsort.3

Loading...
View Options

lib/libc/stdlib/qsort.c

Loading...