From: Jens Gustedt <jens.gustedt@inria.fr>
To: musl@lists.openwall.com
Subject: Re: [PATCH v2] shadow: Implement putspent
Date: Thu, 07 Nov 2013 23:35:01 +0100 [thread overview]
Message-ID: <1383863701.11028.154.camel@eris.loria.fr> (raw)
In-Reply-To: <20131106163640.GN24286@brightrain.aerifal.cx>
[-- Attachment #1: Type: text/plain, Size: 2160 bytes --]
Am Mittwoch, den 06.11.2013, 11:36 -0500 schrieb Rich Felker:
> On Wed, Nov 06, 2013 at 02:20:54PM +0100, Jens Gustedt wrote:
> > in the context of the actual function that would certainly overkill,
> > but generally it is not a good idea to mix user strings and string
> > literals without consting them. So in a general context I'd go for
> > something like
> >
> > #define STR(S) ((char const*)((S) ? (S) : ""))
> >
> > or even
> >
> > #define STR(S) ((S) ? (char const*){ (S) } : "")
> >
> > to have a better type check for the argument
>
> I disagree with this change. The type of string literals is char *,
> not const char *, so it's not a type consistency issue. Even if it
> were, the ?: operator handles the type correctly anyway. My view is
> that casts are a code smell, and no-op casts are harmful in that they
> obfuscate the correctness of types (since the reader has to question
> whether the cast is hiding a type mismatch).
The second variant isn't a casţ but a conversion and it just checks if
S is assignment compatible with `char const*`. A completely type safe
variant then would be
#define STR(S) ((S) ? (char const*){ (S) } : (char const[]){ 0 })
which wouldn't imply any conversion. (And which a compiler *may*
realize by using a static object for the empty string.)
Just to be clear for the reason I mentioned it: the original macro has
the danger that it is used in places where it is passed as char* to a
function which then modifies the string.
updatefunction(STR(toto));
The user who calls first the macro and then the function with his own
variable thinks that he is passing a modifiable string "toto" to the
function. The bug only appears when by accident someday "toto" is 0,
and a then a string literal is passed into the function.
Jens
--
:: INRIA Nancy Grand Est :: http://www.loria.fr/~gustedt/ ::
:: AlGorille ::::::::::::::: office Nancy : +33 383593090 ::
:: ICube :::::::::::::: office Strasbourg : +33 368854536 ::
:: ::::::::::::::::::::::::::: gsm France : +33 651400183 ::
:: :::::::::::::::::::: gsm international : +49 15737185122 ::
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
next prev parent reply other threads:[~2013-11-07 22:35 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-05 7:47 [PATCH] " Michael Forney
2013-11-05 19:24 ` Rich Felker
2013-11-05 22:30 ` [PATCH v2] " Michael Forney
2013-11-05 23:31 ` Rich Felker
2013-11-06 13:20 ` Jens Gustedt
2013-11-06 16:36 ` Rich Felker
2013-11-07 22:35 ` Jens Gustedt [this message]
2013-11-08 0:37 ` Szabolcs Nagy
2013-11-24 6:10 ` [PATCH v3] " Michael Forney
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1383863701.11028.154.camel@eris.loria.fr \
--to=jens.gustedt@inria.fr \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).