tech-userlevel archive


Re: Reuse strtonum(3) and reallocarray(3) from OpenBSD



Christos Zoulas wrote:
> | What do you think about dealing with estrtoi() and efullstrtoi(),
> | two new entries in efun(3)? I think it's a good compromise.
> 
> Then we drag in util.h and -lutil. This is not desirable.
> 

Please show me real-world code affected by your concerns.
I'm afraid there is no such code around, so your argumentation isn't strong;
it's also against clean C style (with or without its shortcomings/features).

Randomly picked utility (from the set of tiny Unix utilities) src/usr.bin/column:
http://cvsweb.netbsd.org/bsdweb.cgi/src/usr.bin/split/split.c?annotate=1.26

numlines = strtoull(p, &ep, 10);
if (numlines == 0 || *ep != '\0')
	errx(1, "%s: illegal line count.", p);

The programmer didn't care about errors (ERANGE, EINVAL) and silently skipped the errno check.
Nobody enforces it on him or her. This code is vulnerable to overflows and (at least to me)
more difficult to maintain (undesired pointer magic).

numlines = fullstrtou(p, 10, 1, 1, UINT_MAX);
if (errno)
	errx(1, "%s: illegal line count.", p);

(yes <errno.h> is already pulled in, and we don't care whether it was partial, out of range, overflow...)

or, if we didn't care about the error message at all:

numlines = efullstrtou(p, 10, 1, 1, UINT_MAX);

I (really) randomly checked another utility...

http://cvsweb.netbsd.org/bsdweb.cgi/src/usr.bin/column/Makefile?annotate=1.7
And there it is, for those who want to use util.h:

LDADD+=-lutil
DPADD+=${LIBUTIL}


I started the overall discussion not to get an orchestra function for string translations,
but to have a safe and easy-to-use atoi(3) replacement. People look into the manuals, see that
it's unsafe and take the hard-to-use strtol(3). The proposed strtoi(3) and fullstrtoi(3) aim
to help here (range checking, partial conversion handling)... and nothing more.

Your proposed strtoi(3), besides its flaws, looks extraterrestrial to me:
not simpler to use (6 parameters vs. 1 for the silly atoi(3)), it tries to do everything well
while doing small things inconsistently (errno abuse, duplicated information).

For those who really hate errno, nobody forces them to wrap their own
functions around strtoi(3)/fullstrtoi(3), or to silently ignore it.

I think the discussion is now exhausted. I'm going to submit a patch with the {,full}strto{i,u}
proposal this evening, integrating them with the overall NetBSD machinery.

Thank you for your time.
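As an added illustration of the overflow problem in the quoted split.c snippet (this is not code from split.c, nor NetBSD's strtoi/fullstrtou): the naive check beside a hypothetical checked_count() helper that does the errno, full-consumption, sign and range checks the proposal is meant to bundle. The inputs in main() are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Naive parse as in the quoted snippet: only a zero result or trailing
 * garbage is rejected. On overflow strtoull returns ULLONG_MAX and consumes
 * all digits, so the value is silently accepted. */
static int
naive_count(const char *p, unsigned long long *out)
{
	char *ep;
	unsigned long long v = strtoull(p, &ep, 10);

	if (v == 0 || *ep != '\0')
		return -1;
	*out = v;
	return 0;
}

/* Hypothetical checked parse (assumption, not a libc API): rejects
 * ERANGE, empty/partial input, a leading '-' (strtoull would wrap it)
 * and values outside [lo, hi]. Returns 0 on success, -1 on error. */
static int
checked_count(const char *p, unsigned long long lo, unsigned long long hi,
    unsigned long long *out)
{
	char *ep;
	unsigned long long v;

	while (isspace((unsigned char)*p))
		p++;
	if (*p == '\0' || *p == '-')
		return -1;
	errno = 0;
	v = strtoull(p, &ep, 10);
	if (errno == ERANGE || ep == p || *ep != '\0' || v < lo || v > hi)
		return -1;
	*out = v;
	return 0;
}

int
main(void)
{
	const char *big = "99999999999999999999999";	/* constructed, overflows */
	unsigned long long n = 0;

	printf("naive   %s -> %d (n=%llu)\n", big, naive_count(big, &n), n);
	printf("checked %s -> %d\n", big, checked_count(big, 1, UINT_MAX, &n));
	return 0;
}
```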

