I'm trying to count the number of ways this code snippet would fail a commercial coding standard such as MISRA... ;-)
I believe you're right Daniel: res should be bounds checked something like 0 < res < (BUFFER_SIZE-pos) ?? and adding an assert(pos < BUFFER_SIZE) somewhere would be nice too...

On Wed, 11 Jul 2018 at 21:28, Daniel Gutson <danielgut...@gmail.com> wrote:
> Hi,
>
> considering this:
>
> https://github.com/mkj/dropbear/blob/d740dc548924f2faf0934e5f9a4b83d2b5d6902d/atomicio.c#L55
>
>     switch (res) {
>     case -1:
>         if (errno == EINTR || errno == EAGAIN)
>             continue;
>         return 0;
>     case 0:
>         errno = EPIPE;
>         return pos;
>     default:
>         pos += (size_t)res;
>     }
>
> What if res is negative and less than -1, for example -2? Shouldn't there
> be a check that res is > 0?
>
> Thanks,
>
> Daniel.
>
> --
> Who’s got the sweetest disposition?
> One guess, that’s who?
> Who’d never, ever start an argument?
> Who never shows a bit of temperament?
> Who's never wrong but always right?
> Who'd never dream of starting a fight?
> Who get stuck with all the bad luck?
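The checks discussed in this thread, as an added example that is not part of the original messages and is not Dropbear's code: a read-style loop that rejects any negative return other than -1 and any count larger than the space requested. The names `checked_atomicio`, `io_fn`, `bad_negative` and `bad_oversize`, and the choice of `EIO` and `EOVERFLOW` as error codes, are assumptions of this sketch.

```c
#include <assert.h>
#include <errno.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical callback type with the same shape as read(2). */
typedef ssize_t (*io_fn)(int fd, void *buf, size_t len);

/*
 * Hypothetical hardened loop: transfer exactly n bytes unless an error or
 * EOF occurs. Returns the bytes transferred; on a short count errno says why.
 */
size_t checked_atomicio(io_fn f, int fd, void *buf, size_t n)
{
    unsigned char *s = buf;
    size_t pos = 0;

    while (pos < n) {
        ssize_t res = f(fd, s + pos, n - pos);

        if (res < 0) {
            /* Any negative value is a failure, not only -1. */
            if (res == -1 && (errno == EINTR || errno == EAGAIN))
                continue;
            if (res != -1)
                errno = EIO;       /* return value outside the contract */
            return 0;
        }
        if (res == 0) {
            errno = EPIPE;         /* EOF before n bytes arrived */
            return pos;
        }
        if ((size_t)res > n - pos) {
            errno = EOVERFLOW;     /* callee claims more than was requested */
            return pos;
        }
        pos += (size_t)res;
        assert(pos <= n);          /* loop invariant: never past the buffer */
    }
    return pos;
}

/* Constructed misbehaving callbacks used to exercise the two checks. */
ssize_t bad_negative(int fd, void *b, size_t l) { (void)fd; (void)b; (void)l; return -2; }
ssize_t bad_oversize(int fd, void *b, size_t l) { (void)fd; (void)b; return (ssize_t)l + 1; }
```

With a conforming `read(2)` neither extra branch is reachable; they matter when the function pointer can refer to something that does not honour the same contract.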