Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190117053147.GH29911@voyager>
Date: Thu, 17 Jan 2019 06:31:47 +0100
From: Markus Wichmann <nullplan@....net>
To: musl@...ts.openwall.com
Subject: Re: <shadow.h> function: fgetspent_r

On Wed, Jan 16, 2019 at 06:44:10PM -0500, Rich Felker wrote:
> On Wed, Jan 16, 2019 at 03:38:06PM -0600, A. Wilcox wrote:
> > What do you mean by "messy char[] buffer idiom"?  The buffer that is
> > meant to contain the strings is passed to the function (char *buf),
> > *not* returned by it.
> 
> It's also necessarily used to contain the struct itself, despite C not
> really allowing this and the buffer not being properly aligned for it
> (requiring realignment which is inherently nonportable and not even
> possible in something like a memory-safe implementation). A proper API
> would have the caller pass both a pointer to the struct to fill and a
> pointer to char[] space for strings.
> 

Erm, no, there is a parameter where you can store the struct itself.
It's the second parameter. You are supposed to set the target of the
fifth parameter equal to the second on success, else to NULL.

Working on it, but that is even more messy. What to do on EOF? The only
thing I can think of is return 0, but set *spbufp to 0 (wait, is that
the only reason return value and return pointer are split? Dear lord...)

What to do on "buffer too small"? Seek the file back to where it was?

What to return on format error?

What to do on "buffer too large"? I wanted to use fgets() to read the
next line, but the size parameter of fgets() is an int, so the size
parameter to fgetspent_r() can't exceed INT_MAX.

> > I would personally leave the fp where it is (not rewind)
> > since all the other *get*ent functions don't rewind on error either.
> 
> But should it finish consuming the line it's in the middle of?
> Otherwise it could wrongly interpret the remainder of the line as a
> complete line if called again. Note that the current version of the
> non-_r function has that issue if getline OOM's..
> 
> Rich

Good point, that's a possible problem as well. We could rid ourselves of
these problems by declaring a new call after error to be UB. But that's
not QoI...

Ciao,
Markus

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.