"Enrico Weigelt, metux IT consult" <enrico.weigelt@???> writes: > On 01.11.2015 14:52, Rainer Weikusat wrote:
>> It's also strangely schizophrenic as there's no point in zero-filling
>> the entire structure prior to initializing its members one by one
>> which implies zero-filling the larger part of the second one[*]
>> again.
>
> That's called "defensive programming" :p
"Cargo cult programming" would be more appropriate: Mindlessly imitiate
something which made sense in a certain context, based on the assumption
that this will 'magically' 'en-sense' the result.
Initializing a variable twice is useless.
> Indeed, there might be good reasons for doing so: if you really wanna
> make sure that everything's zero'ed, even those members you dont
> care for.
Since there's no information regarding the intended use of such
(hypothetical) "members one doesn't care for", there's no reason to
assume that "zeroeing them" will be good for anything (and not actually
the opposite of it).
[...]
>> The code is only correct if the length of the name argument is known
>> to be less than the size of the buffer as strncpy won't insert a
>> zero-byte otherwise, ie, on one hand, this use a size-checking
>> function with fairly byzantine semantics, on the other hand, the code
>> relies on 'knowing' that "/run/foobar.sk" will fit into the buffer
>> while leaving space for a trailing zero. In case the length of the
>> name is unknown, one would usually do something like
>
> In many cases, you dont really know whether the argument fits, so
> you need to check it anyways.
But the code didn't do that (as I explained): It relied on "knowing that
it will fit" for correctness and the length check was just a useless
addition.
Whether or not this happened to be the cause because the author didn't
know any better or because he intentionally intended to obscure the
algorithm is open for speculation.