From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id 7EA18431FBF; Tue, 1 Dec 2009 08:08:26 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at olra.theworths.org Received: from olra.theworths.org ([127.0.0.1]) by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u43OUHOZm-y5; Tue, 1 Dec 2009 08:08:25 -0800 (PST) Received: from yoom.home.cworth.org (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id C96C7431FAE; Tue, 1 Dec 2009 08:08:25 -0800 (PST) Received: by yoom.home.cworth.org (Postfix, from userid 1000) id 0317F254419; Tue, 1 Dec 2009 08:08:08 -0800 (PST) From: Carl Worth To: djcb@djcbsoftware.nl, "notmuch\@notmuchmail org" In-Reply-To: <87r5rpyd4x.wl%djcb@djcbsoftware.nl> References: <87r5rpyd4x.wl%djcb@djcbsoftware.nl> Date: Tue, 01 Dec 2009 08:08:07 -0800 Message-ID: <87k4x6ad94.fsf@yoom.home.cworth.org> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature" Subject: Re: [PATCH 2/2] * avoid gcc 4.4.1 compiler warning due to ignored 'fflush' return value X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Dec 2009 16:08:26 -0000 --=-=-= Content-Transfer-Encoding: quoted-printable On Mon, 23 Nov 2009 08:21:50 +0200, Dirk-Jan C. Binnema wrote: > -#define prompt(format, ...) \ > - do { \ > - printf (format, ##__VA_ARGS__); \ > - fflush (stdout); \ > - getline (&response, &response_size, stdin); \ > - chomp_newline (response); \ > +#define prompt(format, ...) \ > + do { \ > + int ignored; \ > + printf (format, ##__VA_ARGS__); \ > + fflush (stdout); \ > + ignored =3D getline (&response, &response_size, stdin); \ > + chomp_newline (response); \ > } while (0) This patch is incorrect. Ignoring the return value of getline results in the program invoking undefined behavior by reading uninitialized memory. This is easily tested by, for example, typing Control-D to provide EOF to a prompt from "notmuch setup". How about just exiting in case of EOF as in the patch below? I think I'll push it now. =2DCarl commit eb0cf86c7a9d5cda464d4d36a9cac66f26b5529d Author: Carl Worth Date: Tue Dec 1 08:06:09 2009 -0800 notmuch setup: Exit if EOF is encountered at any prompt. =20=20=20=20 If the user is explicitly providing EOF, then terminating the program is the most likely desired thing to do. This also avoids undefined behavior from continuing with an uninitialized response after ignoring the return value of getline(). diff --git a/notmuch-setup.c b/notmuch-setup.c index 5ec176d..622bbaa 100644 =2D-- a/notmuch-setup.c +++ b/notmuch-setup.c @@ -100,12 +100,15 @@ notmuch_setup_command (unused (void *ctx), unsigned int i; int is_new; =20 =2D#define prompt(format, ...) \ =2D do { \ =2D printf (format, ##__VA_ARGS__); \ =2D fflush (stdout); \ =2D getline (&response, &response_size, stdin); \ =2D chomp_newline (response); \ +#define prompt(format, ...) \ + do { \ + printf (format, ##__VA_ARGS__); \ + fflush (stdout); \ + if (getline (&response, &response_size, stdin) < 0) { \ + printf ("Exiting.\n"); \ + exit (1); \ + } \ + chomp_newline (response); \ } while (0) =20 config =3D notmuch_config_open (ctx, NULL, &is_new); --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iD8DBQFLFT9n6JDdNq8qSWgRAr3qAJ4jTPCWogmUm4kzzN3usjH4+oBBoQCffYvB qznQ5wjkFBpIfsxXDdig8f8= =P2gw -----END PGP SIGNATURE----- --=-=-=--