Making memcpy(NULL, NULL, 0) well-defined

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • glibc

    Discontinued GNU Libc (by lattera)

    I'm sure other folks could dig up the code for Newlib, uclibc, and others, and they'd see the same thing.

    On a related note, ISO C has THREE different things that most people tend to lump together as "undefined behavior." They are:

    Implementation-defined behavior: ISO doesn't require any particular behavior, but they do require implementations to consistently apply a particular behavior, and document that behavior.

    Unspecified behavior: ISO doesn't require any particular behavior, but they do require implementations to consistently use a particular behavior, but they don't require that behavior to be documented.

    Undefined behavior: ISO doesn't require any particular behavior, and they don't require implementations to define any particular behavior either.

    [1]: https://github.com/lattera/glibc/blob/master/string/memcpy.c

  • zfs

    OpenZFS on Linux and FreeBSD

    You can, but gcc may replace it with an equivalent set of instructions as a compiler optimization, so you would have no guarantee it is used unless you hack the compiler.

    On a related note, GCC optimizing away things is a problem for memset when zeroing buffers containing sensitive data, as GCC can often tell that the buffers are going to be freed and thus the write is deemed unnecessary. That is a security issue and has to be resolved by breaking the compiler’s optimization through a clever trick:

    https://github.com/openzfs/zfs/commit/d634d20d1be31dfa8cf06e... 12352

    Similarly, GCC may delete a memcpy to a buffer about to be freed, although I have never observed that as you generally don’t do that in production code.

  • rust

    Empowering everyone to build reliable and efficient software.

    In the general case, I think you might be right, although it's a bit mitigated by the fact that Rust does not have support for variable length arrays, alloca, or anything that uses them, in the standard library. As you said though, it's certainly possible.

    I was more referring to that specific linked advisory, which is unlikely to use either VLAs or alloca. In that case, where stack overflow would be caused by recursion, a guard frame will always be enough to catch it, and will result in a safe abort [0].

    [0] https://github.com/rust-lang/rust/pull/31333

  • busybox

    Docker Official Image packaging for Busybox (by docker-library)

    https://busybox.net/~landley/c99-draft.html#7.20.6.1

    "The abs, labs, and llabs functions compute the absolute value of an integer j. If the result cannot be represented, the behavior is undefined. (242)"

    242 The absolute value of the most negative number cannot be represented in two's complement.
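The zfs comment above describes the compiler dropping a memset on a buffer that is about to be freed. The following is an added example, not code from the original post or from OpenZFS: it shows the plain zeroing call beside a hardened version that routes memset through a volatile function pointer, a widely used trick that keeps the store alive because the compiler can no longer see which function is called. The function names, the 32-byte sample key and its fill pattern are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Naive zeroing: if the caller never reads the buffer again (e.g. it is
 * freed right after), this memset is a dead store and an optimizing
 * compiler is allowed to remove it, leaving the key bytes in memory. */
static void clear_key_naive(uint8_t *key, size_t len) {
    memset(key, 0, len);
}

/* Hardened zeroing: the call goes through a volatile function pointer.
 * The compiler must reload the pointer and cannot assume it still points
 * at memset, so it cannot prove the store is dead and must keep the call.
 * (This is the example's own idiom, not OpenZFS's code.) */
static void *(*volatile memset_ptr)(void *, int, size_t) = memset;

static void clear_key_secure(uint8_t *key, size_t len) {
    memset_ptr(key, 0, len);
}

/* Count bytes that are still non-zero after a clearing call. */
static size_t nonzero_bytes(const uint8_t *buf, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++) n += (buf[i] != 0);
    return n;
}

/* Constructed sample: a 32-byte "key" filled with a known pattern. Because
 * this harness reads the buffer back, even the naive variant survives here;
 * the difference only shows when the buffer is discarded unread. */
size_t demo_clear(int secure) {
    uint8_t key[32];
    for (size_t i = 0; i < sizeof key; i++) key[i] = (uint8_t)(0xA5 ^ i);
    if (secure) clear_key_secure(key, sizeof key);
    else        clear_key_naive(key, sizeof key);
    return nonzero_bytes(key, sizeof key);   /* returns 0 for both here */
}

int main(void) {
    printf("naive: %zu non-zero bytes left\n", demo_clear(0));
    printf("secure: %zu non-zero bytes left\n", demo_clear(1));
    return 0;
}
```

To see the dead-store elimination itself, compile a variant that frees the buffer right after the naive memset with -O2 and inspect the generated assembly; the secure variant keeps the call in both cases.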
