Date:   Wed, 22 Nov 2023 01:09:26 +0000
From:   Nick Terrell <>
To:     Linus Torvalds <>
CC:     Nick Terrell <>,
        Nick Terrell <>,
        Linux Kernel Mailing List <>,
        Yann Collet <>,
        Kernel Team <>,
        Giovanni Cabiddu <>
Subject: Re: [PATCH 2/2] zstd: Backport Huffman speed improvement from

> On Nov 21, 2023, at 3:54 PM, Linus Torvalds <> wrote:
> On Tue, 21 Nov 2023 at 12:35, Nick Terrell <> wrote:
>>> Honestly, any coding rule that includes "don't use the do-while-zero
>>> construct" is actively broken shit.
>>> Please just fix your upstream rules. Because they are incredible garbage.
>> Yeah, that’s the plan. Visual Studio fixed that compiler bug in VS2015 [0],
>> so we should be safe to migrate to safer macros.
> I don't even use MSVS, but a minute of googling shows that you should
> never have done that silly "avoid sane C", and you should always just
> have done
>  #pragma warning (disable: 4127)
> for MSVC.
> Honestly, the fact that the result was instead to disable that
> standard - and required - construct in the project makes me worry
> about the whole zstd thing. WTF?

Admittedly our coding guidelines are overly conservative. And here
we are updating our macros to use the do { } while (0) construct
in this PR [0].

However, we are also very conservative in our testing. We have very
extensive coverage-guided fuzz testing running continuously for
safety of (de)compressing untrusted data, round-trip correctness,
and more.

We take security & correctness very seriously. If you have any
questions I’d be happy to answer them, and I should collect our
testing process publicly in one place, so we can reference that.

If you have any further suggestions I’m very open to them, and
I am grateful for the time you’re taking to improve zstd.


> The do-while-zero construct is _so_ important that there are (sane)
> projects that literally *require* the use of it. See for example MISRA
> code safety rules.
> The kernel rules aren't quite that strict, but yes, do-while-zero is
> very much "you should *absolutely* do this" along with all the usual
> "make sure you have parentheses around macro arguments" rules.
> We had some RFC patches for this area:


> And on that note, when I googled for the solution to the MSVC brain
> damage, I was distressed by how many hits I saw where people thought
> the do-while-zero pattern was some "legacy pattern".
> That just shows that there are lots of incompetent people who simply do
> not understand why it's actually *required* for reliable parsing of
> macros.  This is not some "historical stylistic" issue, it's literally
> a correctness issue for generic macro usage.
>           Linus
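
The macro correctness issue discussed in this thread, shown as an added example that is not part of the original message and is not zstd or kernel code. The struct, macro and function names are hypothetical; the point is that a length check written with an unbraced `if` fails open when the macro expands to two bare statements.

```c
#include <stddef.h>

/* Hypothetical names, constructed for this example; not zstd or kernel code. */
struct hdr { size_t len; unsigned accepted; };

/* Two bare statements: an unbraced `if` guards only the first one. */
#define ACCEPT_BAD(h, n)  (h)->accepted++; (h)->len = (n)

/* One statement that still takes the caller's `;`, so it nests anywhere. */
#define ACCEPT_OK(h, n)   do { (h)->accepted++; (h)->len = (n); } while (0)

/* A brace-only body `{ ...; }` would fix the guard, but
 *     if (c) ACCEPT(h, n); else reject();
 * would not compile: the `;` after `}` ends the if and orphans the else. */

/* Returns the length recorded for a claimed length n and capacity cap. */
size_t record_len_bad(size_t n, size_t cap)
{
    struct hdr h = { 0, 0 };
    /* GCC 8+ reports this use via -Wmultistatement-macros (part of -Wall). */
    if (n <= cap)
        ACCEPT_BAD(&h, n);   /* h.len = n runs even when n > cap */
    return h.len;
}

size_t record_len_ok(size_t n, size_t cap)
{
    struct hdr h = { 0, 0 };
    if (n <= cap)
        ACCEPT_OK(&h, n);    /* both statements are guarded */
    else
        h.len = 0;           /* the else pairs with the if as written */
    return h.len;
}
```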
