Defect Report #430

Previous Defect Report < - > Next Defect Report


Submitter: Douglas Walls
Submission Date: 2013-02-11
Source: WG 14
Reference Document: N1674
Version: 1.0
Date: April 2013
Subject: getenv_s, maxsize should be allowed to be zero

Summary

getenv_s, Annex K.3.6.2.1p2 under Runtime-constraints says:

  name shall not be a null pointer. maxsize shall neither equal zero nor be greater than
  RSIZE_MAX. If maxsize is not equal to zero, then value shall not be a null pointer.

Question here is, if maxsize really cannot be 0.  If it cannot be
zero, why does the 2nd sentence mention the condition that (maxsize != 0)?

If maxsize can be 0, it would allow the value to be a null pointer
which allows what is described in 6.6.2.1 of TR24731 (N1173) cleanly:

  The getenv_s function can also be used to get the size needed to
  represent the result. This allows the programmer to first call
  getenv_s to get the size, then allocate a buffer to hold the result,
  and then call getenv_s again to actually obtain the result."

if maxsize can be zero, then I think we would get the length of string thusly:
    getenv_s(&len, NULL, 0, "HOME");

However, since maxsize cannot be 0 which also requires value not to be
a null pointer, we would need to do something like this:
    getenv_s(&len, something, 1, "HOME");

AFAICT, getnenv_s as specified in C11 exactly matches what was in TR24731 (N1172).
What is in TR24731 (N1172) does not coincide with what is in the rational
for TR24731 (N1173).  The wording in TR24731 (N1172) (and by extension
C11) is awkward and it certainly looks like an update intended to correspond to
the rational for TR24731 (N1173) was either misapplied or not applied.

Suggested Technical Corrigendum

Replace Annex K.3.6.2.1p2 second sentence with:

maxsize shall not be greater than RSIZE_MAX.

K.3.6.2.1p2 would then read thusly:

name shall not be a null pointer.  maxsize shall not be greater than
RSIZE_MAX.  If maxsize is not equal to zero, then value shall not be a null pointer.


Apr 2013 meeting

Committee Discussion

Proposed Technical Corrigendum

Replace Annex K.3.6.2.1p2 second sentence with:

maxsize shall not be greater than RSIZE_MAX.

K.3.6.2.1p2 would then read thusly:

name shall not be a null pointer.  maxsize shall not be greater than
RSIZE_MAX.  If maxsize is not equal to zero, then value shall not be a null pointer.


Previous Defect Report < - > Next Defect Report