std-proposals

Re: [std-proposals] Standardising 0xdeadbeef for pointers

From: Jason McKesson <jmckesson_at_[hidden]>
Date: Thu, 31 Jul 2025 12:16:03 -0400
On Thu, Jul 31, 2025 at 12:12 PM zxuiji <gb2985_at_[hidden]> wrote:
>
> How's it UB? It's basic pointer arithmetic, not dereferencing a pointer. snprintf could provide the guarantee that within said address range it would be able to optionally prevent a segfault, which is enough for a developer to potentially see the log of caught instances before a hacker could cotton on and exploit it.

[expr.add]/4: https://timsong-cpp.github.io/cppwp/expr.add#4

If the pointer is not a pointer to an array, pointer arithmetic is not
defined (except in the case of a null pointer, but only if the added
value is zero). `nullptr` is not a pointer to an array. Thus UB.

> On Thu, 31 Jul 2025 at 17:08, Jason McKesson via Std-Proposals <std-proposals_at_[hidden]> wrote:
>>
>> On Thu, Jul 31, 2025 at 12:03 PM zxuiji via Std-Proposals
>> <std-proposals_at_[hidden]> wrote:
>> >
>> > thiago I used NULL there to indicate what would be passed if something like the following occurred:
>> >
>> > int leng = 0, index = 0;
>> > char *text = foo(&leng,&index);
>> > // oops didn't check foo succeeded:
>> > snprintf( buff, max, "%.*s", leng, text + index );
>>
>> That's interesting, but it's still UB the moment `text+index` is
>> executed. Which happens *before* `snprintf` gets called.
>>
>> > On Thu, 31 Jul 2025 at 16:59, Thiago Macieira via Std-Proposals <std-proposals_at_[hidden]> wrote:
>> >>
>> >> On Thursday, 31 July 2025 08:56:26 Pacific Daylight Time zxuiji via Std-
>> >> Proposals wrote:
>> >> > snprintf( buff, max, "%.*s", length, NULL + index ) could catch the
>> >> > invalid pointer (so long as index is small) before a segfault can occur and
>> >> > if stdlib is not in debug mode then allow the segfault to occur, otherwise
>> >> > return -1 and set errno to some relevant value
>> >>
>> >> Do note that the program is UB before snprintf() was called.
>> >>
>> >> Could such a check function ever be used *before* UB happened?
>> >>
>> >> --
>> >> Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
>> >> Principal Engineer - Intel Platform & System Engineering
>> >>
>> >>
>> >>
>> >> --
>> >> Std-Proposals mailing list
>> >> Std-Proposals_at_[hidden]
>> >> https://lists.isocpp.org/mailman/listinfo.cgi/std-proposals
>> >

Received on 2025-07-31 16:16:19
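
The ordering point discussed in this thread (a check only helps if it runs before `text + index` is evaluated), as an added example that is not part of any message in the thread. The helper name `format_slice`, its signature and its errno choices are assumptions made for illustration.

```cpp
#include <cerrno>
#include <climits>
#include <cstddef>
#include <cstdio>

// Hypothetical helper (not from the thread): the base pointer and the offset
// are passed separately, so every check runs before any pointer arithmetic.
// Returns the snprintf result, or -1 with errno set when the input is invalid.
int format_slice(char *buff, std::size_t max,
                 const char *text, std::size_t text_len,
                 std::size_t index, std::size_t leng)
{
    if (buff == nullptr || max == 0) { errno = EINVAL; return -1; }

    // The "forgot to check foo() succeeded" case: reject the null base here.
    // No `text + index` has been formed yet, so the program is still defined.
    if (text == nullptr) { errno = EINVAL; return -1; }

    // Bounds check phrased so the size_t subtraction cannot wrap.
    if (index >= text_len || leng > text_len - index) { errno = ERANGE; return -1; }

    // The precision argument of "%.*s" is an int.
    if (leng > static_cast<std::size_t>(INT_MAX)) { errno = ERANGE; return -1; }

    // Only now is the arithmetic performed, on a pointer known to refer to
    // an array of text_len chars with index inside it.
    return std::snprintf(buff, max, "%.*s", static_cast<int>(leng), text + index);
}

int main()
{
    char out[16];
    const char msg[] = "hello world";   // constructed sample input

    int n = format_slice(out, sizeof out, msg, sizeof msg - 1, 6, 5);
    std::printf("ok:   n=%d out=\"%s\"\n", n, out);

    errno = 0;
    n = format_slice(out, sizeof out, nullptr, 0, 3, 4);   // failed lookup
    std::printf("null: n=%d errno=%d\n", n, errno);
    return 0;
}
```

A check placed inside `snprintf` itself would receive only the already-computed pointer value, which is why this sketch takes the base and offset as separate arguments.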