Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

strncpy(d, s, 0) with one-past pointer

I want to understand if the following code is (always, sometimes or never) well-defined according to C11:

#include <string.h>
int main() {
  char d[5];
  char s[4] = "abc";
  char *p = s;
  strncpy(d, p, 4);
  p += 4; // one-past end of "abc"
  strncpy(d+4, p, 0); // is this undefined behavior?
  return 0;
}

C11 7.24.2.4.2 says:

The strncpy function copies not more than n characters (characters that follow a null character are not copied) from the array pointed to by s2 to the array pointed to by s1.

Note that s2 is an array, not a string (so the lack of null-terminator when p == s+4 is not an issue).

7.24.1 (String function conventions) applies here (emphasis mine):

Where an argument declared as size_t n specifies the length of the array for a function, n can have the value zero on a call to that function. Unless explicitly stated otherwise in the description of a particular function in this subclause, pointer arguments on such a call shall still have valid values, as described in 7.1.4. On such a call, a function that locates a character finds no occurrence, a function that compares two character sequences returns zero, and a function that copies characters copies zero characters.

The relevant part of the aforementioned 7.1.4 is (emphasis mine):

7.1.4 Use of library functions

Each of the following statements applies unless explicitly stated otherwise in the detailed descriptions that follow: If an argument to a function has an invalid value (such as a value outside the domain of the function, or a pointer outside the address space of the program, or a null pointer, or a pointer to non-modifiable storage when the corresponding parameter is not const-qualified) or a type (after promotion) not expected by a function with variable number of arguments, the behavior is undefined. If a function argument is described as being an array, the pointer actually passed to the function shall have a value such that all address computations and accesses to objects (that would be valid if the pointer did point to the first element of such an array) are in fact valid.

I'm having some trouble parsing the last part. The "all addresses computations and accesses to objects" seems to be trivially satisfied when n == 0 if I can suppose my implementation will not compute any addresses in this case.

In other words, in a strict interpretation of the standard, should I always refuse the program? Should I always allow it? Or is its correctness implementation-dependent (i.e., if the implementation computes the address of the first character before checking n, then the above code has UB, otherwise it doesn't)?

like image 654
anol Avatar asked Jul 27 '17 12:07

anol


People also ask

What does strncpy return on error?

The strncpy() function shall return s1; no return value is reserved to indicate an error.

What does strncpy () do?

The strncpy() function copies count characters of string2 to string1 . If count is less than or equal to the length of string2 , a null character (\0) is not appended to the copied string. If count is greater than the length of string2 , the string1 result is padded with null characters (\0) up to length count .

Does strncpy overwrite?

strncpy overwrites existing character string.

Does strncpy copy null terminator?

Description. The strcpy() function copies string2, including the ending null character, to the location that is specified by string1. The strcpy() function operates on null-ended strings. The string arguments to the function should contain a null character (\0) that marks the end of the string.


1 Answers

char *strncpy(char * restrict s1, const char * restrict s2, size_t n);

The strncpy function copies not more than n characters (...) from the array pointed to by s2" C11 §7.24.4.5 3

The details of strncpy() do not suffceintly answer the "strncpy(d, s, 0) with one-past pointer". Certainly access to *s2 is not expected, yet does access to *s2 need to be valid with n==0?

Neither does 7.24.1 (String function conventions).

7.1.4 Use of library functions does answer, depending on if the () part applies in part or in whole to the previous "this and that"

... If a function argument is described as being an array, the pointer actually passed to the function shall have a value such that all address computations and accesses to objects (that would be valid if the pointer did point to the first element of such an array) are in fact valid....

  1. If the "(that would be valid if the pointer did point to the first element of such an array)" applies to only "accesses to objects", then strncpy(d, s, 0) is fine as the pointer value needs not have array characteristics. It simply needs to be a valid computable value.

  2. If the "(that would be valid if the pointer did point to the first element of such an array)" applies also to "address computations", then strncpy(d, s, 0) is UB as the pointer value needs have array characteristics. which includes the valid address computation of one-passed s. Yet a valid computation address one-passed is not certain when s itself is a one-passed value.

As I read the spec, the first applies, thus defined behavior for 2 reasons. 1) the parenthetical part, from an English point-of-view, applies to the 2nd part and 2) access is not needed to perform the function.

The 2nd is a possible reading, but a stretch.

like image 126
chux - Reinstate Monica Avatar answered Nov 15 '22 17:11

chux - Reinstate Monica