At Wed, 24 Aug 2011 08:22:53 +0200, Marc Balmer <mbalmer%NetBSD.org@localhost> wrote:
Subject: Re: Possible unsafe use of strncat in sbin/sysctl/sysctl.c
>
> I think this is not a valid reasoning: What if I, to silence a tool,
> choose to blindly insert (void), instead of checking the return value?
>
> I can always create bugs, and spilling (void) all over only helps maybe
> a tiny fraction of them.

I think you said it yourself: the programmer can always create bugs.

If someone is blindly inserting tricks into their code just to shut up
some tool's complaints then obviously the tool isn't going to call it
crappy code -- the programmer blindly shut it up and shut it up good.

Hopefully though it will soon become apparent to a better programmer
reading their code that it's just plain crappy code.

When you get the intuition that there's something fishy about someone
else's code then you've got to rip out all questionable use of such
tricks that might quiet the complaints from static analysis tools such
as lint and start again (or just throw out all their code entirely and
start again! :-))

--
Greg A. Woods
Planix, Inc.
<woods%planix.com@localhost> +1 250 762-7675 http://www.planix.com/