[PATCH] Fix string to integer conversion
Ralph Böhme
slow at samba.org
Sun Feb 24 18:01:33 UTC 2019
Hi Jeremy,
> Am 23.02.2019 um 19:23 schrieb Jeremy Allison <jra at samba.org>:
>
> On Sat, Feb 23, 2019 at 09:18:31AM +0100, Ralph Böhme wrote:
>>> then you don't need to look inside, the
>>> code is obvious.
>>
>> I'd still have to look to check why the initialisation is needed.
>
> Well this kind of pattern (no-initialization
> at declaration, followed by test after function
> call) used to confuse Coverity into issuing false
> positives, so I still think in this case initialization
> at declaration is the right thing to do.
I guess fixing the API is right thing to do here. :)
>
>>> So I'm going to stick with my request, to make
>>> future reviewers lives easier !
>>>
>>> You could help by reviewing the patch :-) :-).
>>
>> now you got my attention. :) I'd say the problem is, that the API of the new
>> functions is still not ideal. I'd prefer
>>
>> bool tstrto[u]l[l](const char *nptr, char **endptr, int base, [unsigned][long]long int *result)
>>
>> Then the caller just does the usual
>>
>> ok = tstrtol(...);
>> if (!ok) {
>> ....
>> }
>>
>> The function would return false for values that are out of range and
>> probably also for the empty string and if there were no digits, I guess that
>> is what all callers care about.
>
> Oh god, what color is my bike shed today :-).
The *right* one :)))
> OK, that was my initial take on the API too, but
> I was trying to use this as a teaching moment
> and Swen was doing the work.
>
> That makes it a different interface to the
> existing POSIX strtoul()/strtoull() calls,
yes please. :)
> which I think Swen was trying to preserve
> as a coding pattern.
Why?
> I'm at Vault next week, so if you want it
> changed I'll have to get to it later.
Well, I guess the current implementation of strtoul[l]_err() is not even correct.
The patchset introduces an additional error check in the callers in some places where only the return error is checked, causing an error log message or even a failure in the caller. The problem is, according to POSIX/SUS, strtoul and friends are not *required* to set errno to EINVAL "in case no conversion was performed". The implementation of strtoul[l]_err() doesn't set it, it just returns the errno from strtoul.
If strtoul[l]_err() returns an error, it must be reliable. While this could be addressed by returning EINVAL for the "no conversion was performed" case, it still leaves us with a strange API.
Thoughts?
-slow
--
Ralph Boehme, Samba Team https://samba.org/
Samba Developer, SerNet GmbH https://sernet.de/en/samba/
GPG-Fingerprint FAE2C6088A24252051C559E4AA1E9B7126399E46
More information about the samba-technical
mailing list