On Mon, Aug 04, 2014 at 05:21:46PM +0200, Lennart Poettering wrote: > On Wed, 30.07.14 00:37, Zbigniew Jędrzejewski-Szmek ([email protected]) wrote: > > > > +_public_ int sd_network_get_domainname(int ifindex, char **domainname) { > > > + _cleanup_free_ char *s = NULL, *p = NULL; > > > + int r; > > > + > > > + assert_return(ifindex > 0, -EINVAL); > > > + assert_return(domainname, -EINVAL); > > > + > > > + if (asprintf(&p, "/run/systemd/netif/links/%d", ifindex) < 0) > > > + return -ENOMEM; > > Not terribly important, but please spell that as: > > > > char p[sizeof("/run/systemd/netif/links/") + > > DECIMAL_STRING_MAX(int)]; > > snprintf(p, sizeof(p), "/run/systemd/netif/links/%d", > > ifindex); > > Actually, I'd even use normal sprintf() here, not snprintf(), after all, > we carefully sized the string anyway, hence no need to enforce the size > limit here. Using sprintf() here makes is > clear to me that the buffer was carefully sized before, so I think would > be preferrable... On my TODO list is adding snprintf_check (or snprintf_assert, or snprintf_sized, not sure about the name), which would wrap the snprintf in an assert to check that there was no truncation.
> In particular since snprintf() doesn't add a trailing NULL > if it truncates the string, which makes the whole excercise kinda > pointless... an snprintf() without something like char_array_0() invoked > right after it always raises my eyebrows. Are you sure? snprintf(3) implies that the terminating byte is always written. Testing confirms that fwiw. Zbyszek _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
