| Message ID | 20240705120512.12046-2-alx@kernel.org |
|---|---|
| State | New |
| Headers | show |
| Series | [v2] string/string.h: strsep(): Remove 'restrict' from delim | expand |
diff --git a/string/string.h b/string/string.h index d2d5c5f1f9..256e2b181f 100644 --- a/string/string.h +++ b/string/string.h @@ -468,8 +468,7 @@ extern void explicit_bzero (void *__s, size_t __n) __THROW __nonnull ((1)) /* Return the next DELIM-delimited token from *STRINGP, terminating it with a '\0', and update *STRINGP to point past it. */ -extern char *strsep (char **__restrict __stringp, - const char *__restrict __delim) +extern char *strsep (char **__restrict __stringp, const char *__delim) __THROW __nonnull ((1, 2)); #endif
*stringp and delim should be allowed to alias each other, as strcspn(3) does. There are no optimizations that would benefit of restricted pointers. One could say that calling strsep with aliasing pointers would be nonsense, and it might be true, but so is calling strcspn(3) with aliasing pointers, and we don't prohibit that. strsep(3) doesn't have any special reasons to impose more restrictions than strcspn(3). It seems it was added in a (churny) patch that adds the qualifier to several functions, so it was probably just an accident, or didn't get much attention. Reported-by: chux <https://codereview.stackexchange.com/users/29485/chux-reinstate-monica> Link: <https://codereview.stackexchange.com/questions/173723/string-separator-similar-to-strtok/292820?noredirect=1#comment583130_292820> Link: <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112833> Fixes: a6ff34d7b0b5 ("Update.") Cc: Paul Eggert <eggert@cs.ucla.edu> Signed-off-by: Alejandro Colomar <alx@kernel.org> --- Hi! v2 changes: - Only remove 'restrict' from delim. stringp must not alias. It's *stringp which should be allowed to alias delim. - Add a link to a similar problem in strtol(3) (that one is even worse, because while I don't expect anyone to call strsep(3) with aliasing pointers, I do expect --and have done myself-- programmers to call strtol(3) with aliasing pointers). I'll send a patch for strtol(3) (I thought I had, but it seems I had only reported the bug to GCC). - CC Paul. Cheers, Alex Range-diff against v1: 1: 36181df643 ! 1: 7535249f67 string/string.h: strsep(): Remove 'restrict' @@ Metadata Author: Alejandro Colomar <alx@kernel.org> ## Commit message ## - string/string.h: strsep(): Remove 'restrict' + string/string.h: strsep(): Remove 'restrict' from delim - This function doesn't need 'restrict' at all. It seems it was added in - a (churny) patch that adds the qualifier to several functions, so it was - probably just an accident. + *stringp and delim should be allowed to alias each other, as strcspn(3) + does. There are no optimizations that would benefit of restricted + pointers. + + One could say that calling strsep with aliasing pointers would be + nonsense, and it might be true, but so is calling strcspn(3) with + aliasing pointers, and we don't prohibit that. strsep(3) doesn't have + any special reasons to impose more restrictions than strcspn(3). + + It seems it was added in a (churny) patch that adds the qualifier to + several functions, so it was probably just an accident, or didn't get + much attention. Reported-by: chux <https://codereview.stackexchange.com/users/29485/chux-reinstate-monica> Link: <https://codereview.stackexchange.com/questions/173723/string-separator-similar-to-strtok/292820?noredirect=1#comment583130_292820> + Link: <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112833> Fixes: a6ff34d7b0b5 ("Update.") + Cc: Paul Eggert <eggert@cs.ucla.edu> Signed-off-by: Alejandro Colomar <alx@kernel.org> ## string/string.h ## @@ string/string.h: extern void explicit_bzero (void *__s, size_t __n) __THROW __no terminating it with a '\0', and update *STRINGP to point past it. */ -extern char *strsep (char **__restrict __stringp, - const char *__restrict __delim) -+extern char *strsep (char **__stringp, const char *__delim) ++extern char *strsep (char **__restrict __stringp, const char *__delim) __THROW __nonnull ((1, 2)); #endif string/string.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)