Hi James,
> May I ask one question on the coding feedback I received? With regards to
> this comment:
>
> > +static int hso_connect()
> > +{
> > + int index=-1;
> > + struct connman_ipaddress *ipaddress = NULL;
> > + struct in_addr local_gateway_addr;
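Review bot: `static int hso_connect()` in the first line of the hunk declares a function with an unspecified parameter list in C; write `static int hso_connect(void)` so the compiler can reject callers that pass arguments. On the `int index=-1;` line, spaces around `=` (`int index = -1;`) would match the `*ipaddress = NULL` declaration two lines below.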
>
> > And I don't like if you initialize variables. That is a bad habit to
> > hide actual errors.
>
> I would like to understand your concern about hiding actual errors. There
> are plenty of secure coding books, conference papers, various coding
> security departments from companies like Microsoft and Intel, etc. out
> there that give case after case examples why it is good to initialize
> variables before using them. Now, what probably could be done is to
> default a variable to a failure value and write code to only set the
> correct value on the happy path case, which usually helps debug code on
> getting the correct code flow right. And for wrong paths, variables that
> are initialized before use typically have the error value stored in them
> (if written right) before code bombs out. If the code fails before the
> variable is used then one at least knows the code fails before the
> variable got used. This winds up being good for debugging because there
> is always a predictable, consistent value in the variable instead of some
> junk number that will change every time the code is run.
>
> I'll fix this issue. It isn't a big deal to me, especially because I am
> not the original author of this code. But I want to understand this point
> better because it goes against what I have read on good secure SW coding
> practices, and I just want to hear this perspective better because I want
> to be a better programmer.
It is pretty simple. We have GCC warn us at compile time if you use
a variable uninitialized. And that is what I want. As described in the
HACKING document, use ./bootstrap-configure (or maintainer mode) and it
will enable a really strict set of compiler warnings and turn these into
errors.
I could go on and on about the secure programming nonsense and the
stupid advice they give, but initializing a variable might avoid some
security hole here and there, but it doesn't always mean that your
actual code is correct. And that can lead to various other mistakes
deeper in the path and that is then really hard to debug. So the rule is
not variable initialization (there are exceptions here and there, but
not that many) and GCC will tell you if your code is screwed up and you
made a mistake. That is way better than stupidly initializing all
variables. I do want people to understand the code they write and
submit.
Regards
Marcel
_______________________________________________
connman mailing list
[email protected]
http://lists.connman.net/listinfo/connman