Page MenuHomeFreeBSD
Differential D54622

libutil: take a size_t in trimdomain()
ClosedPublic
Actions

Authored by kevans on Jan 9 2026, 5:00 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Feb 21, 9:32 PM
Unknown Object (File)
Sat, Feb 21, 8:24 PM
Unknown Object (File)
Fri, Feb 20, 5:01 PM
Unknown Object (File)
Fri, Feb 20, 4:39 PM
Unknown Object (File)
Fri, Feb 20, 4:39 PM
Unknown Object (File)
Thu, Feb 19, 3:08 AM
Unknown Object (File)
Thu, Feb 19, 3:07 AM
Unknown Object (File)
Wed, Feb 11, 3:15 PM
View All 20 Files
Subscribers
des
imp
ziaee

Details

Reviewers
brooks
jrtc27
olce
des
Group Reviewers
Klara
manpages
Commits
rG7e70589b1bee: libutil: take a size_t in trimdomain()
Summary

INT_MAX is already larger than a reasonable hostname might be, but
size_t makes some of this easier to reason about as we do arithmetic
with it. This would maybe not be worth it if we had to bump the
soversion because of it, but libutil does symbol versioning now so we
can provide a compat shim.

While we're here, fix some inconsistencies in argument names in the
manpage.

Obtained from: https://github.com/apple-oss-distributions/libutil
Sponsored by: Klara, Inc.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kevans created this revision.Jan 9 2026, 5:00 PM
Herald added a reviewer: olce. · View Herald TranscriptJan 9 2026, 5:00 PM
Herald added subscribers: ziaee, imp. · View Herald Transcript
kevans requested review of this revision.Jan 9 2026, 5:00 PM
Harbormaster completed remote builds in B69765: Diff 169404.Jan 9 2026, 5:00 PM
kevans added a child revision: D54623: libutil: avoid an out-of-bounds read in trimdomain(3).Jan 9 2026, 5:00 PM
kevans added a reviewer: manpages.Jan 9 2026, 5:02 PM
ziaee added inline comments.Jan 9 2026, 6:08 PM
lib/libutil/trimdomain.3
66–67

What's an nn?

jrtc27 added inline comments.Jan 9 2026, 6:11 PM
lib/libutil/trimdomain.3
66–67

Integer display and screen numbers in an X11 DISPLAY env var

ziaee added a child revision: D54629: trimdomain.3: Explain DISPLAY a a bit more.Jan 9 2026, 6:44 PM
des added a subscriber: des.Tue, Feb 17, 5:03 PM
des added inline comments.
lib/libutil/trimdomain.c
96

should you check that hostsize is nonnegative? Clamp it to zero perhaps?

kevans added inline comments.Tue, Feb 17, 6:06 PM
lib/libutil/trimdomain.c
96

I had considered it, and I'm still a little torn. Here was my thought process: existing programs passing in a negative size today would end up with the following consequences:

  1. end <= (s = fullhost)
  2. (size_t)(end - s) is then a large size_t value

Thus it has a chance of working, but still the chance of overread addressed in the next patch. Clamping it to 0 means that it can't be successful even for a fullhost with a valid format, so I concluded that it might be better to just let it promote / convert to unsigned.

des accepted this revision.Tue, Feb 17, 11:06 PM
This revision is now accepted and ready to land.Tue, Feb 17, 11:06 PM
Closed by commit rG7e70589b1bee: libutil: take a size_t in trimdomain() (authored by kevans). · Explain WhyTue, Mar 3, 10:51 PM
This revision was automatically updated to reflect the committed changes.
kevans added a commit: rG7e70589b1bee: libutil: take a size_t in trimdomain().

Revision Contents
Changeset List

PathSize
lib/
libutil/
5 lines
2 lines
8 lines
18 lines

Diff 173087

View Options

lib/libutil/Symbol.map

Loading...
View Options

lib/libutil/libutil.h

Loading...
View Options

lib/libutil/trimdomain.3

Loading...
View Options

lib/libutil/trimdomain.c

Loading...