On Sat, Jan 31, 2026, 8:37 PM Jonathan Wakely <[email protected]> wrote:
>
> On Sat, 31 Jan 2026 at 12:25, Amit via austin-group-l at The Open
> Group <[email protected]> wrote:
> >
> > On Sat, 31 Jan 2026 at 17:11, Guy Harris <[email protected]> wrote:
> > >
> > > On Jan 30, 2026, at 11:37 PM, Amit via austin-group-l at The Open Group 
> > > <[email protected]> wrote:
>
> > There are many more CVEs that happen because some inputs are not being
> > validated.
>
> But these are application-level validation, checking that the inputs
> to the application are correct according to some protocol or API.
> Those are bugs in the applications. They would not be prevented by
> checking for null pointers in functions in the C standard library.

It is not only about C. It is also not only about checking for NULL pointers.

It is about validating all inputs in all software in this world.

I am approaching whoever I can for this. The Open Group is one of them.

>
> (Also, rejecting calls to strncpy because they want to copy more than
> 1MB seems unacceptable to me.)

Do you mean that they can copy more than 1 MB? Well, they can. I was only
giving an example.

My idea is that you have to put some limit, and in a practical sense it
would be something like 1% of the RAM size or 10% of the RAM size, etc.

I will quote the relevant part from my article here:

-------------------------------------------------------------------------------------------------------------------
   To find the MIN and the MAX values of your arguments, you can check how much
   your function/software can support and also how much the underlying hardware
   can support. Another factor to consider would be that,
   "practically/realistically", how much would actually be needed by the
   majority of users. For example, in general, in real life, I haven't heard of
   someone needing to sort an integer array having 1 billion elements (in RAM,
   not on disk). So, there is no point in supporting that many elements. Now,
   let's say that you have a sorting function that sorts an integer array, and
   it takes the number of array elements as an input. In this case, you can
   limit the maximum number of elements to around 10% of the RAM size. On Linux,
   you can get the RAM size through /proc/meminfo. Maybe you can implement a
   function called get_ram_size() so that your code can run on all systems
   having different RAM sizes. For example, if your system has 2 GB of RAM, then
   the maximum limit would be 214,748,364 elements (around 214 million
   elements). This should be enough to satisfy almost all users, but if some
   people are not happy with this limit, then they can implement their own
   versions of the function. Again, please don't satisfy the minority at the
   expense of the majority.

   Similarly, for strings, you can set the maximum length to 1 KB, or 100 KB, or
   1% of the RAM size or 10% of the RAM size.
-------------------------------------------------------------------------------------------------------------------

Amit
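The RAM-relative limit described in the quoted article, worked through as an added example in C that is not part of the original message or of any Open Group code: it reads MemTotal from /proc/meminfo, converts a percentage of RAM into a maximum element count, and refuses a sort request whose element count exceeds that limit before any memory is touched. The function names (parse_meminfo_total, get_ram_size, max_elements_for_ram, checked_sort_ints), the 2 GB fallback used when /proc/meminfo cannot be read, and the /proc/meminfo-style text used for testing are assumptions of this example; get_ram_size is named after the function the article proposes but is this example's own implementation. As a design choice, the budget is taken in bytes and divided by sizeof(int) to obtain an element count.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse the "MemTotal:   2097152 kB" line of a /proc/meminfo-style buffer
 * and return the size in bytes. Kept separate from the file read so the
 * parser can be exercised on a constructed buffer without /proc.
 * Returns 0 on success, -1 if the line is missing or malformed. */
int parse_meminfo_total(const char *buf, uint64_t *out_bytes)
{
    const char *p = strstr(buf, "MemTotal:");
    if (p == NULL)
        return -1;
    p += strlen("MemTotal:");
    char *end;
    errno = 0;
    unsigned long long kb = strtoull(p, &end, 10); /* skips leading blanks */
    if (end == p || errno != 0)
        return -1;
    while (*end == ' ')
        end++;
    if (strncmp(end, "kB", 2) != 0)
        return -1;
    if (kb > UINT64_MAX / 1024)
        return -1;
    *out_bytes = (uint64_t)kb * 1024;
    return 0;
}

/* Linux only: physical RAM in bytes from /proc/meminfo.
 * Returns 0 when the file is unavailable; callers must treat 0 as "unknown". */
uint64_t get_ram_size(void)
{
    FILE *f = fopen("/proc/meminfo", "r");
    if (f == NULL)
        return 0;
    char buf[4096];
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    uint64_t bytes = 0;
    if (parse_meminfo_total(buf, &bytes) != 0)
        return 0;
    return bytes;
}

/* Convert "percent of RAM" into a maximum element count for elements of
 * elem_size bytes. Overflow-safe for any 64-bit ram_bytes; the fallback
 * branch rounds down, never up. Returns 0 for nonsensical arguments. */
size_t max_elements_for_ram(uint64_t ram_bytes, unsigned percent, size_t elem_size)
{
    if (percent == 0 || percent > 100 || elem_size == 0)
        return 0;
    uint64_t budget;
    if (ram_bytes <= UINT64_MAX / percent)
        budget = ram_bytes * percent / 100;
    else
        budget = ram_bytes / 100 * percent;
    uint64_t count = budget / elem_size;
    return count > (uint64_t)SIZE_MAX ? SIZE_MAX : (size_t)count;
}

static int cmp_int(const void *a, const void *b)
{
    int x = *(const int *)a, y = *(const int *)b;
    return (x > y) - (x < y);
}

/* Validating wrapper around qsort: reject a NULL array and any element
 * count above max_n before doing any work.
 * Returns 0 on success, -1 with errno = EINVAL on rejection. */
int checked_sort_ints(int *arr, size_t n, size_t max_n)
{
    if (arr == NULL || n > max_n) {
        errno = EINVAL;
        return -1;
    }
    qsort(arr, n, sizeof *arr, cmp_int);
    return 0;
}

int main(void)
{
    uint64_t ram = get_ram_size();
    if (ram == 0)
        ram = (uint64_t)2 << 30; /* assumed 2 GB when /proc/meminfo is unreadable */
    size_t max_n = max_elements_for_ram(ram, 10, sizeof(int));
    printf("RAM %" PRIu64 " bytes -> at most %zu ints (10%% of RAM)\n", ram, max_n);

    int data[] = {42, -7, 19, 0, 3};
    if (checked_sort_ints(data, 5, max_n) == 0)
        printf("sorted: %d %d %d %d %d\n", data[0], data[1], data[2], data[3], data[4]);

    /* A caller claiming more elements than the budget allows is refused. */
    if (checked_sort_ints(data, max_n + 1, max_n) != 0)
        printf("rejected count %zu: %s\n", max_n + 1, strerror(errno));
    return 0;
}
```

Build with `cc -std=c11 -Wall limit.c -o limit`. On a 2 GB machine the 10% budget is 214,748,364 bytes, which at 4 bytes per int is 53,687,091 elements; splitting the parser from the file read is what lets the limit logic be unit-tested on a system without /proc.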
