Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Possible unsafe use of strncat in sbin/sysctl/sysctl.c

At Wed, 24 Aug 2011 08:22:53 +0200, Marc Balmer <> 
Subject: Re: Possible unsafe use of strncat in sbin/sysctl/sysctl.c
> I think this is not a valid reasoning:  What if I, to silence a tool,
> choose to blindly insert (void), instead of checking the return value?
> I can always create bugs, and spilling (void) all over only helps maybe
> a tiniy fraction of them.

I think you said it yourself:  the programmer can always create bugs.

If someone is blindly inserting tricks into their code just to shut up
some tool's complaints then obviously the tool isn't going to call it
crappy code -- the programmer blindly shut it up and shut it up good.

Hopefully though it will soon become apparent to a better programmer
reading their code that it's just plain crappy code.

When you get the intuition that there's something fishy about someone
else's code then you've got to rip out all questionable use of such
tricks that might quite the complaints from static analysis tools such
as lint and start again (or just throw out all their code entirely and
start again! :-))

                                                Greg A. Woods
                                                Planix, Inc.

<>       +1 250 762-7675

Attachment: pgpCJhw2xgCfb.pgp
Description: PGP signature

Home | Main Index | Thread Index | Old Index