|Viewing Issue Simple Details|
|ID||Category||Severity||Type||Date Submitted||Last Update|
|0001447||[1003.1(2016/18)/Issue7+TC2] System Interfaces||Objection||Omission||2021-01-31 22:51||2021-01-31 22:51|
|Section||XSH 3 / fread; XSH 3 / fwrite; (maybe more)|
|Page Number||931, 1001|
|Line Number||None specifically, this is an omission...|
|Final Accepted Text|
|Summary||0001447: fread()/fwrite() (maybe more similar) specify no requirements on args|
This may be something that ought to be sent to the C standard committee, I will
leave that for others to determine.
As specified, neither fread() nor fwrite() say anything at all about what
is required of their arguments - except perhaps for the stream arg, via the
list of errors from fgetc()/fputc() which are incorporated by reference.
In particular, while it is stated that the results for fread() or data
written for fwrite() come from an unsigned char array that overlays the
data struct (*ptr), and it is implied that array is nitems * size bytes large
(never actually stated, but one can conclude that from the description)
there's no statement that the user's provided buffer actually needs to be
That is, if that is even possible to achieve, each of size and nitems is a
size_t, hence each (alone) is large enough to represent the largest possible
object that can exist - multiply them together and (unless at least one of
them is 0 or 1) it is possible to overflow the biggest possible object size,
and even if it is possible to write that much data, it cannot be done in an
overlaid char array (which being a single object must have a size that can
be represented in a size_t).
Add words to specify requirements on the args.
That is, ptr must point at a buffer which is at least nitems * size bytes
large, and nitems * size must not overflow a size_t.
The first is not possible for the functions to check, so that one must
simply be a requirement on the application, but the functions can validate
that nitems * size does not overflow, and I believe some implementations
check that, and return EINVAL if it happens.
Add EINVAL to the list of possible errors. EFAULT is probably also needed
- though some implementations probably SEGV instead of returning EFAULT,
it depends whether the implementation actually does a large sequence of
fgets/fputc calls, or whether it simply calls read() (or write()) and then
manipulates the stream data struct to handle that. These are errors that
don't occur from fgets()/fputc().
|Tags||No tags attached.|
|There are no notes attached to this issue.|
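One way a caller can enforce the two requirements the report proposes, as an added example that is not part of the report or of any implementation's code. The names `total_bytes`, `checked_fread` and the `buflen` parameter are hypothetical, the sample data is constructed, and returning EINVAL for a too-small buffer as well as for overflow is a choice made here.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not a POSIX interface: stores size * nitems in *total
 * and returns 1, or returns 0 if the product cannot be represented in size_t. */
static int total_bytes(size_t size, size_t nitems, size_t *total)
{
    if (size != 0 && nitems > SIZE_MAX / size)
        return 0;
    *total = size * nitems;
    return 1;
}

/* Hypothetical wrapper: fread() with both proposed requirements enforced.
 * buflen is the true size of the object at ptr; only the caller knows it,
 * which is why fread() itself cannot make the second check. */
size_t checked_fread(void *ptr, size_t buflen, size_t size, size_t nitems,
                     FILE *stream)
{
    size_t total;

    if (!total_bytes(size, nitems, &total) || total > buflen) {
        errno = EINVAL;
        return 0;
    }
    return fread(ptr, size, nitems, stream);
}

int main(void)
{
    char buf[16];
    size_t big = SIZE_MAX / 2 + 1;   /* constructed value: big * 2 wraps to 0 */
    size_t n;
    FILE *fp = tmpfile();

    if (fp == NULL)
        return 1;
    fputs("constructed sample data", fp);
    rewind(fp);

    /* A naive "size * nitems <= sizeof buf" test would accept this request. */
    printf("wrapped product: %zu\n", big * 2);
    n = checked_fread(buf, sizeof buf, big, 2, fp);
    printf("overflowing request: %zu items, EINVAL: %d\n", n, errno == EINVAL);
    n = checked_fread(buf, sizeof buf, 4, 4, fp);
    printf("valid request: %zu items\n", n);
    fclose(fp);
    return 0;
}
```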
|2021-01-31 22:51||kre||New Issue|
|2021-01-31 22:51||kre||Name||=> Robert Elz|
|2021-01-31 22:51||kre||Section||=> XSH 3 / fread; XSH 3 / fwrite; (maybe more)|
|2021-01-31 22:51||kre||Page Number||=> 931, 1001|
|2021-01-31 22:51||kre||Line Number||=> None specifically, this is an omission...|