Re: CVS commit: src/lib/libc

To: Izumi Tsutsui <tsutsui%ceres.dti.ne.jp@localhost>
Subject: Re: CVS commit: src/lib/libc
From: Warner Losh <imp%bsdimp.com@localhost>
Date: Thu, 1 Mar 2012 11:14:16 -0700

On Mar 1, 2012, at 10:58 AM, Izumi Tsutsui wrote:

>>> Again, how can you support/control/update third party products 
>>> not to use deprecated functions?  Our libc is designed for 
>>> NetBSD?
>> 
>> You can't make them not use deprecated functions, but I think you 
>> can tell them to link with libdeprecated, or to add -DI_WANT_GETS 
>> to CFLAGS.
> 
> We could *tell* them, but no lazy third parties would bother to add
> extra configure checks for paranoiac non C89 compliant environment.

Let's gratuitously break third parties because one cannot think of a good way 
to use gets.

I hit warnings on some package years ago that did use gets 100% safely because 
it was used in a pipeline where the produce never produced (and could never 
produce) strings longer than the consumer had buffer space for.  The original 
author demurred when I sent (trivial) patches to fix the receiver to use fgets 
instead.  He insisted he had better things to do with his time than to cope 
with the paranoid and complained that strcpy was next since it could be used 
unsafely.  Rather than argue, I just got on with my life and even forgot the 
name of the package that had these warnings...

Maybe somebody can look at a full pkgsrc build to see how many instances of 
gets are in it?

Warner

Follow-Ups:
- Re: CVS commit: src/lib/libc
  - From: David Holland

References:
- Re: CVS commit: src/lib/libc
  - From: Izumi Tsutsui

Prev by Date: Re: CVS commit: src/lib/libc
Next by Date: Re: CVS commit: src/share/zoneinfo
Previous by Thread: Re: CVS commit: src/lib/libc
Next by Thread: Re: CVS commit: src/lib/libc
Indexes:

Home | Main Index | Thread Index | Old Index