Author: Enrico Weigelt, metux IT consult Date: To: dng Subject: Re: [DNG] busybox
On 01.11.2015 14:52, Rainer Weikusat wrote:
> It's also strangely schizophrenic as there's no point in zero-filling
> the entire structure prior to initializing its members one by one
> which implies zero-filling the larger part of the second one[*]
> again.
That's called "defensive programming" :p
Indeed, there might be good reasons for doing so: if you really wanna
make sure that everything's zero'ed, even those members you dont
care for.
OTOH, APIs should be designed in a way that you dont need that, or at
least let the compiler do the job (eg. static initialization).
> The code is only correct if the length of the name argument is known
> to be less than the size of the buffer as strncpy won't insert a
> zero-byte otherwise, ie, on one hand, this use a size-checking
> function with fairly byzantine semantics, on the other hand, the code
> relies on 'knowing' that "/run/foobar.sk" will fit into the buffer
> while leaving space for a trailing zero. In case the length of the
> name is unknown, one would usually do something like
In many cases, you dont really know whether the argument fits, so
you need to check it anyways.