svn commit: r225097 - in projects/ino64: include lib/libc/gen usr.sbin/cpucontrol usr.sbin/lpr/common_source usr.sbin/newsyslog

Jilles Tjoelker jilles at stack.nl
Thu Sep 1 20:37:34 UTC 2011


On Thu, Sep 01, 2011 at 07:32:06PM +0400, Sergey Kandaurov wrote:
> On 25 August 2011 01:14, Jilles Tjoelker <jilles at stack.nl> wrote:
> > On Mon, Aug 22, 2011 at 11:54:12PM +0000, Matthew D Fleming wrote:
> >> Author: mdf
> >> Date: Mon Aug 22 23:54:12 2011
> >> New Revision: 225097
> >> URL: http://svn.freebsd.org/changeset/base/225097
> >>
> >> Log:
> >>   Avoid using the dirfd name; there is a dirfd() macro already.
> >>   Use dirfd() instead of dirp->dd_fd.
> >>   Replace dirfd() macro with exported libc symbol.
> >>   Use _dirfd() macro internally.
> >>
> >>   GSoC r222835, r222836, r222837.
> >>   Code by Gleb Kurtsou.
> >>
> >> Added: projects/ino64/lib/libc/gen/dirfd.c
> >> ==============================================================================
> >> --- /dev/null 00:00:00 1970   (empty, because file is newly added)
> >> +++ projects/ino64/lib/libc/gen/dirfd.c       Mon Aug 22 23:54:12 2011        (r225097)
> > [snip]
> >> +int
> >> +dirfd(DIR *dirp)
> >> +{
> >> +     if (dirp == NULL)
> >> +             return (-1);
> >> +
> >> +     return (_dirfd(dirp));
> >> +}
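
Review bot: The dirp == NULL branch in dirfd() returns -1 without setting errno, so a caller that checks the result cannot tell why the call failed, and a caller that does not check carries -1 forward as if it were a descriptor. Either drop the check, so that a NULL stream faults at the call site as a direct dirp->dd_fd access would, or set errno before "return (-1);" (EINVAL is the value POSIX allows for an invalid dirp) and document the -1 return.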

> > Why have this check here? I think the original behaviour (a segfault) is
> > more useful here since the return value of this interface is often not
> > checked.

> Why not convert it to EINVAL?
>
> As per IEEE Std 1003.1-2008:
>
> The dirfd() function may fail if:
>
> [EINVAL]
>     The dirp argument does not refer to a valid directory stream.

Given that this error is optional and that there is no other mention of
this condition, I think the undefined behaviour for a function argument
outside the permitted domain still applies.

Also, glibc and OpenSolaris dirfd() likewise segfault if passed a null
pointer.

A Google code search suggested that the interface is often used without
checking (for example, passing the result directly to fchdir() or a *at
function) and in that case returning -1 for a NULL pointer makes the
problem harder to diagnose (fortunately, AT_FDCWD is not -1 so a *at
function will at least fail with EBADF, like fchdir()).

-- 
Jilles Tjoelker
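
Added example (not part of the original message or of the FreeBSD sources): what an unchecked caller sees when a dirfd() that returns -1 for a NULL stream feeds openat() or fchdir(), next to a caller that checks. The names patched_dirfd(), unchecked_openat_errno(), unchecked_fchdir_errno() and checked_openat() are hypothetical; patched_dirfd() only models the quoted hunk on top of the system dirfd().

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical stand-in for the dirfd() in the quoted hunk: -1 for NULL, errno untouched. */
int patched_dirfd(DIR *dirp)
{
    if (dirp == NULL)
        return (-1);
    return (dirfd(dirp));
}

/* Unchecked caller: the result goes straight into openat().
 * Returns the errno the caller ends up with, or 0 on success. */
int unchecked_openat_errno(DIR *dirp, const char *name)
{
    int fd = openat(patched_dirfd(dirp), name, O_RDONLY);
    if (fd == -1)
        return (errno);
    close(fd);
    return (0);
}

/* Unchecked caller, fchdir() variant (success would change the cwd). */
int unchecked_fchdir_errno(DIR *dirp)
{
    return (fchdir(patched_dirfd(dirp)) == -1 ? errno : 0);
}

/* Checked caller: report the bad stream where it is detected (EINVAL),
 * instead of letting it surface later as EBADF from another call. */
int checked_openat(DIR *dirp, const char *name, int flags)
{
    int dfd = patched_dirfd(dirp);
    if (dfd == -1) {
        errno = EINVAL;
        return (-1);
    }
    return (openat(dfd, name, flags));
}

int main(void)
{
    int rc = checked_openat(NULL, ".", O_RDONLY);
    int e = errno;
    printf("unchecked: openat errno %d, fchdir errno %d (EBADF is %d)\n",
        unchecked_openat_errno(NULL, "."), unchecked_fchdir_errno(NULL), EBADF);
    printf("checked: rc %d, errno %d (EINVAL is %d)\n", rc, e, EINVAL);
    return (0);
}
```

In the unchecked paths the only visible symptom is EBADF from the later call, which says nothing about the NULL stream that caused it.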

