
TF-A implementation of memcpy_s() does not comply with C11 standard. #3

Open
sandrine-bailleux-arm opened this issue Jan 17, 2024 · 0 comments

@sandrine-bailleux-arm (Contributor):

The memcpy_s() function was introduced in the C11 standard. TF-A libc provides an implementation of it in file lib/libc/memcpy_s.c.

This implementation does not fully comply with the C11 standard for the following reasons:

1. (dsize > ssize) is allowed by the standard and thus should not be treated as an error. In this case, memcpy_s() should just copy ssize bytes.
   Note that (ssize > dsize), on the other hand, is a genuine error case and TF-A code is correct for this one. It matches the following sentence from the C11 standard:

   > n shall not be greater than s1max

2. The following behaviour from the C11 standard is not implemented:

   > If there is a runtime-constraint violation, the memcpy_s function stores zeros in the first s1max characters of the object pointed to by s1 if s1 is not a null pointer and s1max is not greater than RSIZE_MAX.

3. I don't see anything in the C11 standard that forbids ssize from being zero. It just would not copy any byte at all, but it should not be treated as an error.
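As an added example (not part of the issue above and not TF-A's lib/libc/memcpy_s.c), the following is a memcpy_s written to the C11 Annex K (K.3.7.1.1) rules the report lists: a destination larger than the source is fine, n == 0 is fine, n > s1max and null pointers are runtime-constraint violations, and a violation zeroes the first s1max bytes of the destination when that is safe. Assumptions: the function is named memcpy_s_c11 so it cannot clash with a libc that ships the real one; K_RSIZE_MAX is a local stand-in for RSIZE_MAX, which glibc does not define; the overlap check treats the s1max-byte destination object and the n-byte source as the objects that must not overlap, which is one reading of the standard's wording; the check_* functions run constructed inputs for each of the three points in the issue.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for Annex K's RSIZE_MAX (assumed name; glibc has none). The
 * standard recommends (SIZE_MAX >> 1) for flat-address-space targets. */
#define K_RSIZE_MAX (SIZE_MAX >> 1)

/*
 * C11 Annex K memcpy_s under a hypothetical name. Runtime constraints:
 * s1 and s2 non-null; s1max and n not greater than RSIZE_MAX; n not
 * greater than s1max; objects must not overlap. On a violation the first
 * s1max bytes of s1 are zeroed (if s1 is non-null and s1max <= RSIZE_MAX)
 * and a non-zero value is returned. Otherwise n bytes are copied and 0 is
 * returned; n == 0 and s1max > n are both legal.
 */
int memcpy_s_c11(void *restrict s1, size_t s1max,
                 const void *restrict s2, size_t n)
{
    int violation = 0;

    if (s1 == NULL || s2 == NULL) {
        violation = 1;
    } else if (s1max > K_RSIZE_MAX || n > K_RSIZE_MAX) {
        violation = 1;
    } else if (n > s1max) {
        violation = 1;              /* source larger than destination */
    } else if (n != 0) {
        /* Overlap between the s1max-byte destination and the n-byte
         * source (interpretation of "objects that overlap"). */
        uintptr_t d = (uintptr_t)s1, s = (uintptr_t)s2;
        if (d < s + n && s < d + s1max)
            violation = 1;
    }

    if (violation) {
        if (s1 != NULL && s1max <= K_RSIZE_MAX)
            memset(s1, 0, s1max);   /* never leave stale data in dest */
        return -1;                  /* any non-zero errno_t is conforming */
    }

    if (n != 0)
        memcpy(s1, s2, n);          /* n == 0: valid, copies nothing */
    return 0;
}

/* Constructed inputs; each returns 1 when the conforming behaviour is seen. */
static int check_larger_dest_ok(void)
{
    unsigned char src[4] = {1, 2, 3, 4}, dst[8];
    memset(dst, 0xAA, sizeof dst);
    /* dsize > ssize: allowed, copies ssize bytes, the rest is untouched */
    return memcpy_s_c11(dst, sizeof dst, src, sizeof src) == 0 &&
           memcmp(dst, src, sizeof src) == 0 && dst[4] == 0xAA;
}

static int check_zero_n_ok(void)
{
    unsigned char src[4] = {1, 2, 3, 4}, dst[8];
    memset(dst, 0xAA, sizeof dst);
    return memcpy_s_c11(dst, sizeof dst, src, 0) == 0 && dst[0] == 0xAA;
}

static int check_violation_zeroes_dest(void)
{
    unsigned char src[4] = {1, 2, 3, 4}, dst[8];
    memset(dst, 0xAA, sizeof dst);
    /* n > s1max: violation; only the first s1max (= 2) bytes are zeroed */
    return memcpy_s_c11(dst, 2, src, sizeof src) != 0 &&
           dst[0] == 0 && dst[1] == 0 && dst[2] == 0xAA;
}

static int check_bad_args_rejected(void)
{
    unsigned char buf[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    int r1 = memcpy_s_c11(buf, sizeof buf, NULL, 4) != 0 && buf[7] == 0;
    int r2 = memcpy_s_c11(NULL, sizeof buf, buf, 4) != 0;
    int r3 = memcpy_s_c11(buf, sizeof buf, buf + 2, 4) != 0;   /* overlap */
    return r1 && r2 && r3;
}

int main(void)
{
    printf("larger dest ok:         %d\n", check_larger_dest_ok());
    printf("n == 0 ok:              %d\n", check_zero_n_ok());
    printf("violation zeroes dest:  %d\n", check_violation_zeroes_dest());
    printf("bad args rejected:      %d\n", check_bad_args_rejected());
    return 0;
}
```

Zeroing on violation is the security-relevant detail: a caller that ignores the return value then reads a cleanly zeroed buffer instead of whatever was left in it before the failed copy.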