On Wed, Jul 8, 2015 at 10:18 PM, Noah Misch <noah@leadboat.com> wrote:
> One function had a comment explaining its workaround for an OS bug, while
> another function ignored the same bug. That is always a defect in the
> comments at least; our code shall tell a uniform story about its API
> assumptions. I started this thread estimating that it would end with me
> merely deleting the comment. Thomas Munro and Tom Lane located evidence I
> hadn't found, evidence that changed the conclusion.
That seems very reasonable. I noticed that you removed the glibc
strxfrm() comment (or at least the questioning of its behavior), which
was a good decision.
>> When you have to worry about a standard library function
>> blithely writing past the end of a buffer, when its C89 era interface
>> must be passed the size of said buffer, where does it end?
>
> Don't worry about the possibility of such basic bugs until someone reports
> one. Once you have such a report, though, assume the interface behaves as
> last reported until you receive new evidence. We decide whether to work
> around such bugs based on factors like prevalence of affected systems,
> simplicity of the workaround, and ease of field diagnosis in the absence of
> the workaround.
I must admit that I was rather surprised that more or less the same
blitheness about writing past the end of a buffer occurred a second
time in an apparently independent standard library implementation. I
think that illustrates your point well.
Thanks
--
Peter Geoghegan
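A start-up self-check for the strxfrm() bound discussed in this thread, added here as an example and not code from PostgreSQL or from either correspondent; it assumes the current LC_COLLATE locale is the one to be tested, and the guard byte, buffer size and test inputs are constructed for the example:

```c
/* Added example: detect a libc whose strxfrm() writes past the size it was
 * given. C requires strxfrm(dst, src, n) to store at most n bytes in dst,
 * whatever the transformed length is; a libc that ignores n corrupts whatever
 * follows the buffer. Guard pattern, names and inputs are this example's own. */
#include <stdio.h>
#include <string.h>
#include <locale.h>

#define GUARD 0xA5  /* constructed fill byte for the region past the bound */

/* Transform 'src' into a guard-filled buffer with a deliberately small bound
 * 'n' and report whether any byte at index >= n was touched.
 * Returns 1 if the bound was respected, 0 if the libc wrote past it. */
static int strxfrm_respects_bound(const char *src, size_t n)
{
    unsigned char buf[64];  /* n is always < 64, so an overrun lands on guard bytes */

    memset(buf, GUARD, sizeof buf);
    (void) strxfrm((char *) buf, src, n);
    for (size_t i = n; i < sizeof buf; i++)
        if (buf[i] != GUARD)
            return 0;
    return 1;
}

/* Check the current LC_COLLATE locale with inputs shorter than, equal to and
 * longer than the bound, including n == 0. Returns 1 if every case passed. */
int strxfrm_bounds_ok(void)
{
    static const struct { const char *src; size_t n; } cases[] = {
        { "ab", 0 },               /* n == 0: nothing may be written at all */
        { "ab", 1 },               /* room for one byte, none for the NUL */
        { "ab", 2 },               /* transformed length >= n */
        { "abcdefghijklmnop", 4 }, /* input far longer than the bound */
        { "a", 8 },                /* enough room; bytes past n must stay intact */
    };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        if (!strxfrm_respects_bound(cases[i].src, cases[i].n))
            return 0;
    return 1;
}

int main(void)
{
    int ok = strxfrm_bounds_ok();   /* report, don't change, the locale */
    printf("strxfrm() in locale %s %s the array bound\n",
           setlocale(LC_COLLATE, NULL), ok ? "respects" : "WRITES PAST");
    return ok ? 0 : 1;
}
```

Run it once per locale the program will actually use (after the program's own setlocale() call), since the behaviour this thread describes depends on the collation data loaded, not only on the libc version.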