[Toybox] [PATCH 2/2] Detect all errors with xreadall/xwrite.

Samanta Navarro ferivoz at riseup.net
Sun Aug 15 05:12:51 PDT 2021


On Sun, Aug 15, 2021 at 06:57:54AM -0500, Rob Landley wrote:
> > It is too difficult for me to figure out the direction in which the
> > toybox design moves and where it comes from and which kind of errors are
> > accepted or even embraced (like data types, signed overflows).
> 
> I disagree with you on a design decision, therefore I am inscrutable?

I did not call you inscrutable. Please do not put words into my text
which are not there. But to clarify my problems with understanding this
project:

On one hand you think about supporting arbitrarily long lines (your
readline discussion), on the other hand you want to limit the size of
tar headers to PATH_MAX (it is not necessarily enough, because the pax
extended headers can have multiple entries and only one of them could
be the path) and ignore memory leaks of arbitrarily large tar streams.

On one hand you disagree on portability or implied documentation of
data types, on the other hand you consider PATH_MAX although it is a
portability macro itself.

I do not understand why int should be the correct type for a library
function which reads data from a stream if the underlying library
function uses size_t. It should be at least unsigned int because -1
would make no sense as parameter. If at all, it would make sense to treat
values larger than INT_MAX in a way like the tor project does: Insert
an upper boundary check to library functions and fail if they are
triggered.

My assumption that signed overflows are ignored results from du.c:
  // Modern compilers' optimizers are insane and think signed overflow
  // behaves differently than unsigned overflow. Sigh. Big hammer.

I'm out of here. I wish you and the toybox project the best.
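As an added illustration of the point argued above (this is not toybox code and was not part of the thread), here is a read-all wrapper that takes its length as size_t, as read(2) does, and applies an explicit upper-bound check rather than silently truncating to int; READALL_MAX and both function names are assumptions made for the example:

```c
// Added example (not toybox's own code): a read-all helper whose length is
// size_t, as read(2)'s is, with an explicit upper-bound check instead of
// silently truncating to int.
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <limits.h>
#include <string.h>
#include <unistd.h>
// Assumed bound (not a toybox constant): refuse requests an int-returning
// caller could not represent, rather than wrapping or truncating.
#define READALL_MAX ((size_t)INT_MAX)

// Read len bytes, or until EOF. Returns bytes read (short only on EOF),
// or -1 with errno set on a real error or an out-of-range request.
ssize_t readall_checked(int fd, void *buf, size_t len)
{
  size_t count = 0;
  if (len > READALL_MAX) {
    errno = EINVAL;
    return -1;
  }
  while (count < len) {
    ssize_t n = read(fd, (char *)buf + count, len - count);
    if (n < 0) {
      if (errno == EINTR) continue;   // interrupted by a signal: retry
      return -1;                      // genuine error: report it, do not hide it
    }
    if (n == 0) break;                // EOF: short read, not an error
    count += (size_t)n;
  }
  return (ssize_t)count;
}

// Feed constructed data through a pipe and read it back, so the helper can
// be exercised without a file on disk.
ssize_t readall_from_data(const char *data, size_t datalen, void *out,
                          size_t want)
{
  int p[2];
  ssize_t r;
  if (pipe(p) < 0) return -1;
  if (datalen && write(p[1], data, datalen) != (ssize_t)datalen) {
    close(p[0]); close(p[1]);
    return -1;
  }
  close(p[1]);                        // writer closed: reader will see EOF
  r = readall_checked(p[0], out, want);
  close(p[0]);
  return r;
}
```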
