GNU bug report logs - #8401
removing duplication and improving the readlink code

Previous Next

Package: emacs;

Reported by: Paul Eggert <eggert <at> cs.ucla.edu>

Date: Fri, 1 Apr 2011 06:48:02 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Eli Zaretskii <eliz <at> gnu.org>
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: 8401 <at> debbugs.gnu.org
Subject: bug#8401: removing duplication and improving the readlink code
Date: Fri, 01 Apr 2011 22:38:59 +0300

> Date: Fri, 01 Apr 2011 12:00:28 -0700
> From: Paul Eggert <eggert <at> cs.ucla.edu>
> CC: 8401 <at> debbugs.gnu.org
> 
> On 04/01/2011 01:33 AM, Eli Zaretskii wrote:
> > Isn't much easier and much more elegant to use ssize_t instead of an
> > int for the buffer sizes in both cases?
> 
> That doesn't suffice; the code should not only use ssize_t for
> readlink's returned value, but it should also use size_t for the
> buffer size

Well, let's use that as well, then.

> and it should check that neither type overflows.

Are we really going to consider seriously the case of a link name
overflowing a 64-bit ssize_t data type?  On what platform can this
happen?  I could perhaps be sympathetic to defensive programming in
this area if it were a simple enough test.  But why do we need to
introduce the allocator and careadlinkat modules, and all the nested
function calls needed for them, just to protect a simple code fragment
from overflowing?

> We could modify both copies of Emacs's readlink-using
> code to fix these problems, but when there's duplication like
> this, it's typically better to have just one copy of the code,
> and make any necessary fixes in that copy.

We could refactor the duplicated code into a short function, and use
that.

> On 04/01/2011 01:33 AM, Eli Zaretskii wrote:
> > If this patch is accepted, the new emacs_readlink function will be a
> > trivial "fail" stub on Windows.
> 
> That would introduce an unnecessary "#ifdef DOS_NT" into the mainline
> code.  We should strive to keep the mainline code free of
> porting #ifdefs when it is easy, as it is in this case.
> The proposed code should run just fine on Windows, using
> the already-existing stubs.  We shouldn't need to clutter up
> up the mainline code with unnecessary Windows-specific
> microoptimizations.

I'm all for that, but if you want to help, please restructure the code
so that neither allocator.h nor careadlinkat are not used on platforms
whose readlink is an always-fail stub.

Sorry, but there are limits to what I can stand in code inelegance and
gratuitous complexity without having my stomach spilled out.  I have
no authority to reject your patch, but I _can_ leave the parts of code
I'm responsible for as unaffected by it as possible.

On top of all that, the functions you introduce use malloc/realloc,
which I think will prevent their callers from being safe for
asynchronous calls triggered by external events (mouse etc.).  The
original code used xmalloc/xrealloc instead, which have Emacs-specific
implementations to avoid that limitation.
This bug report was last modified 14 years and 54 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.