From: Linus Torvalds <torvalds@linux-foundation.org>
To: Timo Sirainen <tss@iki.fi>
Cc: git@vger.kernel.org
Subject: Re: Buffer overflows
Date: Thu, 30 Aug 2007 21:09:16 -0700 (PDT)
Message-ID: <alpine.LFD.0.999.0708302050170.25853@woody.linux-foundation.org>
In-Reply-To: <7D84F3C7-129D-4197-AAF1-46298E5D0136@iki.fi>

On Fri, 31 Aug 2007, Timo Sirainen wrote:
> >
> > Perhaps because your patch was using a totally nonstandard and slow
> > interface, and had nasty string declaration issues, as people even pointed
> > out to you.
>
> Slow?

Having a string library, and then implementing "str_append()" with a
strlen() sounds pretty disgusting to me.

Gcc could have optimized the strlen() away for constant string arguments,
but since you made the thing out-of-line, it can't do that any more.

So yes, I bet there are faster string libraries out there.

> The code should be easy to verify to be secure, and with some kind of a safe
> string API it's a lot easier than trying to figure out corner cases where
> strcpy() calls break.

I actually looked at the patches, and the "stringbuf()" thing was just too
ugly to live. It was also nonportable, in that you use the reserved
namespace (which we do extensively in the kernel, but that's an
"embedded" application that doesn't use system header files).

So the API was anything but "safe".

I think something like that could work, but it really should be done
right, or not at all.

Linus
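
An added example, not part of the message above and not code from git or from the patch under discussion: a bounded append whose out-of-line worker takes an explicit length, with a small inline wrapper that keeps strlen() visible at the call site so the compiler can fold it for string literals. The struct and function names are hypothetical and avoid the reserved namespace.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded string buffer; names are illustrative and
 * deliberately avoid the reserved namespace (no leading underscores). */
struct sbuf {
    char  *data;  /* caller-provided storage, kept NUL-terminated */
    size_t cap;   /* total bytes available in data, including the NUL */
    size_t len;   /* bytes in use, excluding the NUL */
};

static void sbuf_init(struct sbuf *sb, char *storage, size_t cap)
{
    sb->data = storage;
    sb->cap = cap;
    sb->len = 0;
    if (cap)
        storage[0] = '\0';
}

/* Out-of-line worker: takes an explicit length, so it never calls strlen().
 * Returns 0 on success, -1 (buffer unchanged) if the data would not fit. */
int sbuf_append_len(struct sbuf *sb, const char *src, size_t n)
{
    if (sb->cap == 0 || n > sb->cap - 1 - sb->len)
        return -1;
    memcpy(sb->data + sb->len, src, n);
    sb->len += n;
    sb->data[sb->len] = '\0';
    return 0;
}

/* Inline wrapper: strlen() is visible at the call site, so the compiler
 * can fold it to a constant when src is a string literal. */
static inline int sbuf_append(struct sbuf *sb, const char *src)
{
    return sbuf_append_len(sb, src, strlen(src));
}

int main(void)
{
    char storage[16];   /* constructed sample: room for 15 bytes plus NUL */
    struct sbuf sb;
    sbuf_init(&sb, storage, sizeof(storage));
    int ok = sbuf_append(&sb, "From: ");                    /* fits */
    int rejected = sbuf_append(&sb, "a-very-long-address"); /* refused */
    printf("%d %d \"%s\" len=%zu\n", ok, rejected, sb.data, sb.len);
    return 0;
}
```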