:: Re: [DNG] busybox
Author: Enrico Weigelt, metux IT consult
Date:  
To: dng
Subject: Re: [DNG] busybox
On 01.11.2015 14:52, Rainer Weikusat wrote:

> It's also strangely schizophrenic as there's no point in zero-filling
> the entire structure prior to initializing its members one by one
> which implies zero-filling the larger part of the second one[*]
> again.


That's called "defensive programming" :p

Indeed, there might be good reasons for doing so: if you really wanna
make sure that everything's zero'ed, even those members you don't
care for.

OTOH, APIs should be designed in a way that you don't need that, or at
least let the compiler do the job (e.g. static initialization).

> The code is only correct if the length of the name argument is known
> to be less than the size of the buffer as strncpy won't insert a
> zero-byte otherwise, i.e., on one hand, this uses a size-checking
> function with fairly byzantine semantics, on the other hand, the code
> relies on 'knowing' that "/run/foobar.sk" will fit into the buffer
> while leaving space for a trailing zero. In case the length of the
> name is unknown, one would usually do something like


In many cases, you don't really know whether the argument fits, so
you need to check it anyways.

The constant path name is a special case.

Anyways, why not this way?

    sa.un = (struct sockaddr_un){
        .sun_family = AF_UNIX,
        .sun_path = "/run/foobar.sk"
    };


--mtx

--
Enrico Weigelt,
metux IT consulting
+49-151-27565287
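
Added example, not part of the original message or of the busybox code: the compound-literal initialization from the message combined with an explicit length check for a path of unknown length, next to the strncpy case the quoted text warns about. The helper names fill_unix_addr and strncpy_terminates are hypothetical, and the oversized path is constructed input.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper (not from the thread): fill *sa for a path whose
 * length is not known in advance. Returns 0 on success, -1 if the path
 * plus its terminating zero byte does not fit into sun_path. */
int fill_unix_addr(struct sockaddr_un *sa, const char *path)
{
    size_t len = strlen(path);

    if (len >= sizeof(sa->sun_path))
        return -1;              /* reject instead of truncating silently */

    /* Compound literal: members not named are zero-initialized, so no
     * separate memset is needed before setting members. */
    *sa = (struct sockaddr_un){ .sun_family = AF_UNIX };
    memcpy(sa->sun_path, path, len + 1);    /* +1 copies the zero byte */
    return 0;
}

/* Shows the strncpy behaviour discussed above: returns 1 if the buffer is
 * zero-terminated after strncpy(buf, path, sizeof buf), 0 otherwise. */
int strncpy_terminates(const char *path)
{
    struct sockaddr_un sa;

    memset(&sa, 0xff, sizeof(sa));  /* make a missing zero byte visible */
    strncpy(sa.sun_path, path, sizeof(sa.sun_path));
    return memchr(sa.sun_path, '\0', sizeof(sa.sun_path)) != NULL;
}

int main(void)
{
    struct sockaddr_un sa;
    char too_long[sizeof(sa.sun_path) + 1];

    memset(too_long, 'a', sizeof(too_long) - 1);    /* constructed input */
    too_long[sizeof(too_long) - 1] = '\0';

    printf("constant path: %d\n", fill_unix_addr(&sa, "/run/foobar.sk"));
    printf("oversized path: %d\n", fill_unix_addr(&sa, too_long));
    printf("strncpy terminated: %d\n", strncpy_terminates(too_long));
    return 0;
}
```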