tech-security archive


Re: strscpy



    Date:        Tue, 19 May 2020 14:39:52 +0200
    From:        Kamil Rytarowski <n54%gmx.com@localhost>
    Message-ID:  <ab8f6ba3-f9f4-fede-c0d3-33fb340138df%gmx.com@localhost>

  | I object to the claim that this is broken, it's the design and feature
  | that we can receive error codes for very rare situations.

You're right that write() (etc) are less broken than strscpy(), as
write() only returns length or -1, which means any other negative
result is just a big positive one that didn't fit the type.  strscpy()
doesn't have that property, and while I understand the desire not to
use errno (for a myriad of reasons) that doesn't make its design reasonable.

  | It's very unlikely to have single operation such as byte transfer that
  | matches the whole size of the address space.

More than (or exactly) half of it is what matters.

  | 16bit address space support will never be possible in a modern generic
  | purpose operating system like NetBSD.

Probably not.   But that isn't the issue; what is, is that ...

  | This domain is for systems like Fuzix or BSD 2.11.

those systems should be able to use a good, well designed, string
copy function as well.   We shouldn't be designing interfaces that
only work on big systems (except obviously where that is the point
of the interface ... not relevant here).

  | However if we would port only this function to PDP-11, strscpy() we have
  | no way to avoid overlapping memory regions and this is not the domain of
  | this function.

Aside from that it perhaps should be (needing to use a different
function when there may be an overlap is one of the biggest bug
sources that there is - it might not be such a security issue as
buffer overflows, but it is certainly a cause for many problems)
I can see that point - if copying more than half the address space
(and given that addr 0 is never valid, even copying exactly half
the address space) requires an overlap.

Even with that, I still don't like overloading the result.

kre
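The return-value overloading argued over in this message, as an added worked model that is not code from the thread or from NetBSD: `ssize16_t` is a constructed 16-bit stand-in for `ssize_t` on a PDP-11-class system, `toy_strscpy` is a hypothetical implementation of the "length or negative error code" contract, and `TOY_E2BIG` is a constructed error value. Once a copy reaches exactly half the address space, the length wraps negative and a sign test misreads it as an error, whereas a write()-style "-1 only" contract still distinguishes it.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

typedef int16_t ssize16_t;          /* hypothetical 16-bit ssize_t */
#define TOY_E2BIG 7                 /* constructed error code value */

/* Contract under discussion: return bytes copied, or -TOY_E2BIG when src
 * does not fit in dsize (dst is still NUL-terminated on truncation). */
ssize16_t toy_strscpy(char *dst, const char *src, size_t dsize)
{
    size_t len = strlen(src);
    if (dsize == 0)
        return -TOY_E2BIG;
    if (len >= dsize) {
        memcpy(dst, src, dsize - 1);
        dst[dsize - 1] = '\0';
        return -TOY_E2BIG;
    }
    memcpy(dst, src, len + 1);
    /* Narrowing an out-of-range size_t is implementation-defined in C;
     * every common compiler wraps modulo 2^16, so len >= 32768 goes negative. */
    return (ssize16_t)len;
}

/* A caller of an errno-overloaded result can only test the sign. */
int strscpy_style_failed(ssize16_t r) { return r < 0; }

/* write()-style contract: only -1 signals failure, so any other negative
 * value is recognisably "a big positive that did not fit the type". */
int write_style_failed(ssize16_t r) { return r == -1; }

/* Copy a constructed run of n 'x' bytes (plus NUL) into a buffer that is
 * large enough, and hand back the raw result the caller would see. */
ssize16_t copy_run(size_t n)
{
    char *src = malloc(n + 1), *dst = malloc(n + 1);
    ssize16_t r;
    if (src == NULL || dst == NULL) {
        free(src);
        free(dst);
        return -TOY_E2BIG;
    }
    memset(src, 'x', n);
    src[n] = '\0';
    r = toy_strscpy(dst, src, n + 1);
    free(src);
    free(dst);
    return r;
}
```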


