Hi Evgeny,

On Fri, Mar 18, 2022 at 12:11:50PM +0300, Evgeny Vereshchagin wrote:
> > The ar_size field is a 10 character string, not zero terminated, of
> > decimal digits right padded with spaces.  Make sure it actually starts
> > with a digit before calling atol on it.  We already make sure it is
> > zero terminated. Otherwise atol might produce unexpected results.
> 
> As far as I can tell the patch fixes that particular issue. Thanks! 

Thanks for testing.

> On a somewhat related note, looking at
> https://sourceware.org/bugzilla/show_bug.cgi?id=24085 where
> read_long_names started appending a trailing '\0' to strings without
> trailing spaces only I wonder if it would be better to always append
> trailing zero bytes there? It would make ASan stop complaining about
> read_long_names with ASAN_OPTIONS=strict_string_checks=1 (which is
> supposed to look for places where strings without trailing zeroes
> are passed to functions expecting null-terminated strings).

I guess the idea is that there could be an atoi implementation that
starts from the end of the string? But I think that is super unlikely
since atoi (and strtol) is defined on the initial portion of the
character array. The algorithm is described as working from the start
and once a valid digit is found any non-digit terminates the
algorithm, there seems to be no requirement that that char should be a
zero terminator. So I think that asan strict-string check is not
really correct.

Also since the ar_size is defined as a character array that only
contains digits and (right padded) spaces (but no zero terminator), we
would have to copy the chars always if we would add a zero
terminator. Which is very unlikely (except when the size is larger
than 999999999 bytes, 953 MB).

Cheers,

Mark
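The validation Mark describes (ar_size is a 10-byte, space-padded, non-zero-terminated decimal field, so check it starts with a digit before handing it to atol), written out as an added C example. This is not elfutils' own code; `parse_ar_size` and the sample header fields below are constructed for illustration. It copies the field into a zero-terminated scratch buffer so the number parser can never read past the 10 bytes, then checks that only padding spaces follow the digits.

```c
/* Added example (not elfutils code): safely parse the 10-byte ar_size
   field of an ar member header.  The field holds decimal digits right
   padded with spaces and is NOT zero terminated, so it must not be passed
   to atol/strtol straight from the header. */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define AR_SIZE_LEN 10

/* Returns 0 and stores the size in *out on success, -1 if the field is
   malformed: it does not start with a digit, contains anything other than
   digits followed by spaces, or does not fit in an unsigned long. */
int parse_ar_size(const char *field, unsigned long *out)
{
    char buf[AR_SIZE_LEN + 1];
    char *end;
    unsigned long val;

    /* Must start with a digit: atol would skip leading whitespace and
       silently return 0 for garbage, hiding a corrupt header. */
    if (!isdigit((unsigned char)field[0]))
        return -1;

    /* Copy into a zero-terminated buffer so strtoul can only ever look at
       the 10 bytes of the field, never at what follows in the header. */
    memcpy(buf, field, AR_SIZE_LEN);
    buf[AR_SIZE_LEN] = '\0';

    errno = 0;
    val = strtoul(buf, &end, 10);
    if (errno == ERANGE)
        return -1;

    /* Everything after the digits must be padding spaces only. */
    for (; *end != '\0'; end++)
        if (*end != ' ')
            return -1;

    *out = val;
    return 0;
}

int main(void)
{
    /* Constructed sample fields, each exactly 10 bytes wide. */
    const char *samples[] = {
        "123       ",   /* valid: 123 */
        "999999999 ",   /* valid: 999999999 */
        "0         ",   /* valid: 0 */
        " 123      ",   /* invalid: leading space */
        "12a3      ",   /* invalid: non-digit inside the number */
        "          ",   /* invalid: no digits at all */
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned long size;
        if (parse_ar_size(samples[i], &size) == 0)
            printf("\"%s\" -> %lu\n", samples[i], size);
        else
            printf("\"%s\" -> malformed ar_size\n", samples[i]);
    }
    return 0;
}
```

The extra copy costs ten bytes per header and avoids depending on the (ASan-flagged) behaviour of calling a string function on a field that has no terminator of its own.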
