
From: Ingo Schwarze <schwarze@usta.de>
Subject: Re: watch(1): construct cmdstr in a less clever way
To: Florian Obser <florian@openbsd.org>
Cc: tech@openbsd.org
Date: Tue, 20 May 2025 18:54:40 +0200

Hello Florian,

Florian Obser wrote on Tue, May 20, 2025 at 02:38:57PM +0200:

> +		if ((size_t)len >= rest)
> +			errx(1, "overflow");
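
Review bot: the cast in `(size_t)len >= rest` implies len is signed, so a negative value (which an snprintf-style call returns on error) would convert to a very large size_t and be reported as "overflow"; if len can be negative here, test `len < 0` separately and give it its own message. The errx text could also say what overflowed, so that the message is useful if it ever fires.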

Conditionals that are designed to never be true are not nice.
They make code auditing harder because the intent is confusing
and the auditor is likely to wonder whether the author was aware
that the code is unreachable.

Since we are not in a library, I'd prefer

	assert((size_t)len < rest);

It looks like you also need to rebase your patch, the last hunk
no longer applies because of job@'s rev. 1.16.

Apart from that and tedu@'s malloc(3) request, your code looks
reasonable and works.

Yours,
  Ingo
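
An added example, not code from the patch under review or from watch(1): a command string built in a buffer sized by a first pass, so the truncation test cannot be true and is written as the assertion suggested above. The name join_args and the two-pass layout are assumptions; the structure of the actual patch is not shown on this page.

```c
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical helper (not from watch(1)): join argv[0..argc-1] with
 * single spaces into a freshly allocated string.  Returns NULL when
 * argc < 1 or when malloc(3) fails.
 */
char *
join_args(int argc, char **argv)
{
	size_t size = 0, rest;
	char *buf, *p;
	int i, len;

	if (argc < 1)
		return NULL;

	/* Pass 1: each argument plus one byte for a separator or the NUL. */
	for (i = 0; i < argc; i++)
		size += strlen(argv[i]) + 1;

	if ((buf = malloc(size)) == NULL)
		return NULL;

	/* Pass 2: append; the sizing pass guarantees that everything fits. */
	p = buf;
	rest = size;
	for (i = 0; i < argc; i++) {
		len = snprintf(p, rest, "%s%s", i > 0 ? " " : "", argv[i]);
		/*
		 * States the invariant rather than handling an unreachable
		 * error.  A negative len converts to a huge size_t, so an
		 * snprintf failure trips the assertion as well.  assert() is
		 * compiled out under NDEBUG; pass 1 is what provides the bound.
		 */
		assert((size_t)len < rest);
		p += len;
		rest -= (size_t)len;
	}
	return buf;
}
```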