On Jan 31, 2026, at 7:48 PM, Amit via austin-group-l at The Open Group <[email protected]> wrote:
> I can't convince people here unless people agree that """"they don't > want to satisfy a minority of people at the expense of the majority of > people."""" And, prior to that, they would also need to agree that not imposing size limits will be at the expense of the majority of people. You have not provided any evidence to demonstrate that imposing those size limits would increase system security; you will need to do so before people will even consider this to be a case where, to benefit the majority, you will have to impose limits on a minority. > If people want to satisfy everyone, then obviously we can't put limits > on the arguments and in that case things will remain as they are now > and the world will remain insecure as it is now. Again, you have failed to demonstrate that, for example, imposing limits on the size of an array to be processed by qsort(), or on the size of a string to be copied by strlcpy(), will, in any way, shape, or form, make the world any more secure. First demonstrate *that, with concrete evidence. Then we can proceed. The goal here is not to find arbitrary forms of validation for function arguments, so that we can check "added validation requirements for this function argument" checkboxes; the goal is to find cases where certain argument values can be shown to cause security or other bugs, and add *those* requirements.
