All of lore.kernel.org
 help / color / mirror / Atom feed
* Type mismatches in safe_read and friends?
@ 2007-03-26 14:13 Rogan Dawes
  2007-03-26 16:47 ` Shawn O. Pearce
  0 siblings, 1 reply; 3+ messages in thread
From: Rogan Dawes @ 2007-03-26 14:13 UTC (permalink / raw)
  To: Git Mailing List

Hi folks,

I'm starting to learn a little C, and I figured I'd learn from the 
masters ;-) I needed to read in some data from the network, and I 
figured the safe_* calls would be a good example of how to do it correctly.

So, I took a look, and found:

static void safe_read(int fd, void *buffer, unsigned size)
{
         int n = 0;

         while (n < size) {
                 int ret = xread(fd, (char *) buffer + n, size - n);
                 if (ret < 0)
                         die("read error (%s)", strerror(errno));
                 if (!ret)
                         die("The remote end hung up unexpectedly");
                 n += ret;
         }
}


Surely size and 'n' should have the same signed-ness?

And, in fact, shouldn't they actually be size_t, rather than 'int', 
since xread is defined as:

static inline ssize_t xread(int fd, void *buf, size_t len)
{
         ssize_t nr;
         while (1) {
                 nr = read(fd, buf, len);
                 if ((nr < 0) && (errno == EAGAIN || errno == EINTR))
                         continue;
                 return nr;
         }
}

And finally, 'ret' in safe_read should be a 'ssize_t', not an int, right?

Or is it just a case that we don't really care, since we control the 
ranges of the values, and the underlying types are int anyway? Patches 
to follow if I get an indication that anyone cares, otherwise I'd be 
posting my question to a C newbies group. ;-)

Rogan

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: Type mismatches in safe_read and friends?
  2007-03-26 14:13 Type mismatches in safe_read and friends? Rogan Dawes
@ 2007-03-26 16:47 ` Shawn O. Pearce
  2007-03-27 10:34   ` Rogan Dawes
  0 siblings, 1 reply; 3+ messages in thread
From: Shawn O. Pearce @ 2007-03-26 16:47 UTC (permalink / raw)
  To: Rogan Dawes; +Cc: Git Mailing List

Rogan Dawes <lists@dawes.za.net> wrote:
> I'm starting to learn a little C, and I figured I'd learn from the 
> masters ;-) I needed to read in some data from the network, and I 
> figured the safe_* calls would be a good example of how to do it correctly.
...
> static void safe_read(int fd, void *buffer, unsigned size)
> {
>         int n = 0;
> 
>         while (n < size) {
>                 int ret = xread(fd, (char *) buffer + n, size - n);
...
> Surely size and 'n' should have the same signed-ness?

Gah.  Yes.  And ret should be ssize_t.
 
> And, in fact, shouldn't they actually be size_t, rather than 'int', 
> since xread is defined as:

Yes.

> static inline ssize_t xread(int fd, void *buf, size_t len)
...
> And finally, 'ret' in safe_read should be a 'ssize_t', not an int, right?

Oh, I see you noticed that too.  ;-)
 
> Or is it just a case that we don't really care, since we control the 
> ranges of the values, and the underlying types are int anyway? Patches 
> to follow if I get an indication that anyone cares, otherwise I'd be 
> posting my question to a C newbies group. ;-)

It is sort of a case we don't care.  These probably should be fixed.
A patch would be nice.  You want to learn C...  ;-)

We currently assume that sizeof(unsigned) == sizeof(int) == 4,
and that nobody is crazy enough to call this functions with values
over ~2,000,000,000 so we don't practically have signed/unsigned
issues here.  Right now anyway.  But it shouldn't be like this.

So size_t/ssize_t are the right types.


The one that cracks me up is what moron declared read(2) to take
size_t as the input argument and ssize_t as the return value.
So I can pass in a value that if successfully read by the kernel
will actually be < 0 upon return, making my code think the read
call failed - but it didn't.  Riiiiiiiiight.

xread was just following that standard, broken model.

-- 
Shawn.

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: Type mismatches in safe_read and friends?
  2007-03-26 16:47 ` Shawn O. Pearce
@ 2007-03-27 10:34   ` Rogan Dawes
  0 siblings, 0 replies; 3+ messages in thread
From: Rogan Dawes @ 2007-03-27 10:34 UTC (permalink / raw)
  To: Shawn O. Pearce; +Cc: Git Mailing List

Shawn O. Pearce wrote:
>  
>> Or is it just a case that we don't really care, since we control the 
>> ranges of the values, and the underlying types are int anyway? Patches 
>> to follow if I get an indication that anyone cares, otherwise I'd be 
>> posting my question to a C newbies group. ;-)
> 
> It is sort of a case we don't care.  These probably should be fixed.
> A patch would be nice.  You want to learn C...  ;-)
> 

Ok. So I did a little patch, but I'm not sure whether I solved anything. 
Now we have an implicit cast from size_t to ssize_t in packet_read_line.

I guess this echoes your comment about requesting a large size_t, and 
getting a ssize_t result back. I suppose in theory we should be refusing 
to handle a length greater than that which would fit into a ssize_t? Or 
simply making sure to always return data smaller than max(ssize_t)?

Patch to follow.

Rogan

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2007-03-27 10:34 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-03-26 14:13 Type mismatches in safe_read and friends? Rogan Dawes
2007-03-26 16:47 ` Shawn O. Pearce
2007-03-27 10:34   ` Rogan Dawes

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.