malloc(voodoo); str[l][cat][cpy](voodoo - magic); str[l][cat][cpy](voodoo - magic - moremagic); ... sucks dead moose through micropipettes. #1916
Description
In the before times, when men were men, and libc was a graduate student project, when you needed to
build strings, you simply splattered them together with a lot of manual computation of lengths; if you weren't
sure, you added extra bytes and nul bytes, and everything sort of worked. Overflows were common.
Then a bunch of jerks from OpenBSD said that unbounded copy functions were bad, that copy functions
should not overflow lengths, and that overflow should be detectable. Bounded cat and cpy functions were introduced
with a reasonable way to check for truncation. The followers said "hooray" and converted to use these functions
with great zeal, but as simple replacements without checking for truncation conditions, because thinking about
programs is hard. In many places realization dawned through taunting and shame that the contents of truncated
strings might matter, and just avoiding overflow was not good enough. Thought was necessary. Gradually the
zealots slowed their mindless zealotry and went to convert realistically with thought, and to ensure both the
overflow and the truncation problem were addressed.
Then enter the new age of artificial zealotry, and behold, a new era of mindless conversion is upon us. Fortunately,
mindless zealotry can be done much more efficiently by AI, bringing us back the mindless changes of the Naughties.
That's a long-winded intro to the fact that we do a lot of
```c
buf = malloc(a + b + c - (d + foo) + 1);
strlcat(buf, somebuf, a);
a[maybe a] = '/';
strlcat(buf, someotherbuf, (b - foo) );
...
...
/* yolo nul byte */
a[a + b + c - (d + foo) + 1] = '\0';
```
Yes, in the bad old days this was the way you did it. Rather than have AIs mindlessly convert this to "safe" (cough), we should take it for what it is: this is unpleasant and hard to validate or maintain.
We should bring in modern safe paradigms that work to make this much easier, and then sweep and convert them.
One of these we should have is asprintf, which makes the above sort of nonsense one line; if we do that, it could be followed by a sweep for such patterns to convert them.
We should also possibly consider CBS/CBB as used by BoringSSL and LibreSSL - Libre has a much more limited version of this than Boring does.
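As an added illustration (not code from this issue or the project), here is the same `dir/name` build done three ways: the manual length arithmetic the issue complains about, the asprintf one-liner it proposes (with its -1 failure check), and a bounded variant whose snprintf return value is used to report truncation instead of silently accepting it. The function names and the sample paths are constructed for the example.

```c
#define _GNU_SOURCE           /* asprintf(3) is a BSD/GNU extension; glibc needs this */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Explicit prototype so the example compiles even if the feature macro was
 * defined too late for <stdio.h> to expose asprintf. */
int asprintf(char **strp, const char *fmt, ...);

/* Manual version: every write below must agree with this arithmetic, and
 * nothing but careful reading checks that it does. */
char *join_manual(const char *dir, const char *name)
{
    size_t dlen = strlen(dir), nlen = strlen(name);
    size_t need = dlen + 1 + nlen + 1;        /* dir + '/' + name + NUL */
    char *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    memcpy(buf, dir, dlen);
    buf[dlen] = '/';
    memcpy(buf + dlen + 1, name, nlen);
    buf[need - 1] = '\0';                     /* the "yolo nul byte", now accounted for */
    return buf;
}

/* asprintf version: one call sizes, allocates and writes; -1 means failure. */
char *join_asprintf(const char *dir, const char *name)
{
    char *buf = NULL;
    if (asprintf(&buf, "%s/%s", dir, name) == -1)
        return NULL;                          /* buf is unspecified on failure: do not use it */
    return buf;
}

/* Bounded version into a caller-supplied buffer: truncation is detected from
 * the return value and reported, which is the check the issue says the early
 * strlcpy/strlcat conversions skipped. Returns 0 on success, -1 on truncation. */
int join_bounded(char *dst, size_t dstsize, const char *dir, const char *name)
{
    int n = snprintf(dst, dstsize, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= dstsize)
        return -1;                            /* result is unusable; caller must not trust dst */
    return 0;
}
```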