Hi Todd,
in 2014, Theo scolded me when i tried to use strnlen(3) at some
place in mandoc where it wasn't really important, pointing out that
some systems still didn't have it, and saying: "Let me say simply:
Yuck." And indeed, i promptly got reports about compile failures
on Solaris.
However, in the case at hand, it really helps readability
in a function (unavoidably) already longer than comfortable
for reading it.
So, OK schwarze@
Ingo
Todd C. Miller wrote on Thu, Aug 25, 2016 at 03:43:31PM -0600:
> Index: lib/libc/stdio/vfprintf.c
> ===================================================================
> RCS file: /cvs/src/lib/libc/stdio/vfprintf.c,v
> retrieving revision 1.75
> diff -u -p -u -r1.75 vfprintf.c
> --- lib/libc/stdio/vfprintf.c 17 Aug 2016 22:15:08 -0000 1.75
> +++ lib/libc/stdio/vfprintf.c 25 Aug 2016 21:39:16 -0000
> @@ -486,6 +486,8 @@ __vfprintf(FILE *fp, const char *fmt0, _
> * Scan the format for conversions (`%' character).
> */
> for (;;) {
> + size_t len;
> +
> cp = fmt;
> while ((n = mbrtowc(&wc, fmt, MB_CUR_MAX, &ps)) > 0) {
> fmt += n;
> @@ -886,22 +888,10 @@ fp_common:
>
> cp = "(null)";
> }
> - if (prec >= 0) {
> - /*
> - * can't use strlen; can only look for the
> - * NUL in the first `prec' characters, and
> - * strlen() will go further.
> - */
> - char *p = memchr(cp, 0, prec);
> -
> - size = p ? (p - cp) : prec;
> - } else {
> - size_t len;
> -
> - if ((len = strlen(cp)) > INT_MAX)
> - goto overflow;
> - size = (int)len;
> - }
> + len = prec >= 0 ? strnlen(cp, prec) : strlen(cp);
> + if (len > INT_MAX)
> + goto overflow;
> + size = (int)len;
> sign = '\0';
> break;
> case 'U':
>
