From: Eric Blake <eblake@redhat.com>
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] inet_listen_opts: add error checking
Date: Thu, 12 Dec 2013 08:50:23 -0700 [thread overview]
Message-ID: <52A9DB3F.4010902@redhat.com> (raw)
In-Reply-To: <1386851244.19301.46.camel@nilsson.home.kraxel.org>
[-- Attachment #1: Type: text/plain, Size: 2111 bytes --]
On 12/12/2013 05:27 AM, Gerd Hoffmann wrote:
> Hi,
>
>>> + if (port_offset) {
>>> + int baseport;
>>> + errno = 0;
>>> + baseport = strtol(port, NULL, 10);
>
>> <rant>
>> WHY is strtol() such a PAINFUL interface to use correctly?
>
> Crossed my mind too after reading the manpage, which sayed you should
> clear errno to reliable detect errors as checking the return value
> doesn't cut it.
>
> Your points obviously underline that.
>
>> And WHY
>> can't qemu copy libvirt's lead of writing a SANE wrapper function, and
>> then mandating that the rest of the code base use the sane wrapper
>> instead of strtol()?
>> </rant>
>
> Care to share a pointer to the code?
/* Like strtol, but produce an "int" result, and check more carefully.
Return 0 upon success; return -1 to indicate failure.
When END_PTR is NULL, the byte after the final valid digit must be NUL.
Otherwise, it's like strtol and lets the caller check any suffix for
validity. This function is careful to return -1 when the string S
represents a number that is not representable as an "int". */
int
virStrToLong_i(char const *s, char **end_ptr, int base, int *result)
{
long int val;
char *p;
int err;
errno = 0;
val = strtol(s, &p, base); /* exempt from syntax-check */
err = (errno || (!end_ptr && *p) || p == s || (int) val != val);
if (end_ptr)
*end_ptr = p;
if (err)
return -1;
*result = val;
return 0;
}
and other variants of virStrToLong_* for parsing into unsigned int,
long, etc.
Libvirt then couples that with a syntax check that gets run during 'make
syntax-check' (or we could even migrate it into 'make check') that
forbids all use of strtol() not on a line with the magic exemption
comment. Therefore, the number of actual uses of strtol() in the source
code base is limited to just these wrapper functions, and everyone else
gets sane semantics.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 621 bytes --]
next prev parent reply other threads:[~2013-12-12 16:27 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-11 12:00 [Qemu-devel] [PATCH] inet_listen_opts: add error checking Gerd Hoffmann
2013-12-11 23:03 ` Eric Blake
2013-12-12 12:27 ` Gerd Hoffmann
2013-12-12 15:50 ` Eric Blake [this message]
2013-12-13 9:57 ` Gerd Hoffmann
-- strict thread matches above, loose matches on Subject: below --
2013-12-13 9:57 Gerd Hoffmann
2014-05-21 10:53 Gerd Hoffmann
2014-05-21 11:57 ` Markus Armbruster
2014-05-22 3:27 ` Gonglei (Arei)
2014-05-22 5:43 ` Gerd Hoffmann
2014-05-22 6:10 ` Gonglei (Arei)
2014-05-22 5:44 Gerd Hoffmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52A9DB3F.4010902@redhat.com \
--to=eblake@redhat.com \
--cc=kraxel@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).