coresight: getcwd: modify the processing of parameters

Submitted by Liu Jie on Dec. 18, 2019, 2:51 a.m.

Details

Message ID 20191218025132.111684-1-liujie1@huawei.com
State New
Series "coresight: getcwd: modify the processing of parameters"
Headers show

Commit Message

Liu Jie Dec. 18, 2019, 2:51 a.m.
According to POSIX 2008, the getcwd() function shall fail if:
[EINVAL] The size argument is 0.
[ERANGE] The size argument is greater than 0, but is smaller
         than the length of the string +1.
The size should not be assigned, even if buf is NULL, otherwise
the error ERANGE cannot be correctly judged.

Signed-off-by: Liu Jie <liujie1@huawei.com>
---
 src/unistd/getcwd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Patch hide | download patch | download mbox

diff --git a/src/unistd/getcwd.c b/src/unistd/getcwd.c
index f407ffe0..ee2e97e9 100644
--- a/src/unistd/getcwd.c
+++ b/src/unistd/getcwd.c
@@ -9,8 +9,8 @@  char *getcwd(char *buf, size_t size)
 	char tmp[buf ? 1 : PATH_MAX];
 	if (!buf) {
 		buf = tmp;
-		size = sizeof tmp;
-	} else if (!size) {
+	}
+	if (!size) {
 		errno = EINVAL;
 		return 0;
 	}

Comments

Rich Felker Dec. 18, 2019, 3:52 a.m.
On Wed, Dec 18, 2019 at 10:51:32AM +0800, Liu Jie wrote:
> According to POSIX 2008, the getcwd() function shall fail if:
> [EINVAL] The size argument is 0.
> [ERANGE] The size argument is greater than 0, but is smaller
>          than the length of the string +1.
> The size should not be assigned, even if buf is NULL, otherwise
> the error ERANGE cannot be correctly judged.
> 
> Signed-off-by: Liu Jie <liujie1@huawei.com>
> ---
>  src/unistd/getcwd.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/src/unistd/getcwd.c b/src/unistd/getcwd.c
> index f407ffe0..ee2e97e9 100644
> --- a/src/unistd/getcwd.c
> +++ b/src/unistd/getcwd.c
> @@ -9,8 +9,8 @@ char *getcwd(char *buf, size_t size)
>  	char tmp[buf ? 1 : PATH_MAX];
>  	if (!buf) {
>  		buf = tmp;
> -		size = sizeof tmp;
> -	} else if (!size) {
> +	}
> +	if (!size) {
>  		errno = EINVAL;
>  		return 0;
>  	}

This breaks getcwd(0,123) and similar; I think you missed that the
behavior of such is unspecified (and even if it weren't explicitly
unspecified, it would be undefined since a null pointer wouldn't meet
the requirement to point to an array. See (DESCRIPTION):

    "If buf is a null pointer, the behavior of getcwd() is
    unspecified."

and (RATIONALE):

    "On some implementations, if buf is a null pointer, getcwd() may
    obtain size bytes of memory using malloc(). In this case, the
    pointer returned by getcwd() may be used as the argument in a
    subsequent call to free(). Invoking getcwd() with buf as a null
    pointer is not recommended in conforming applications."

We do differ from glibc and some other implementations here in that
size is not used; rather the buffer allocated is always sized to match
what's needed for the string. This behavior is outside the scope of
the standard and arguably better than what other implementations do
(it does not spuriously fail due to short size nor waste memory on an
oversized buffer), but I recall someone complaining once that it
differed.

Rich