fix and improve stdio error handling #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
the IO error checking currently done via the `*_noerr` functions are entirely misguided. stdio functions are typically buffered, so most of these calls are more or less just memcpy. and since the password isn't likely going to be big enough to fill the buffer to cause a flush (i,e an *actual* IO operation) these calls are almost never going to fail - with the exception of the newline character - which might cause a flush if stdout is "interactive" and thus set to line-buffered mode. but there's no guarantee stdout is interactive, user might want to pipe the output to some encryption tool for example. in such cases, the stdout flush will occur due to calling `exit()` and any errors that occur at that point will be entirely missed by the application. the proper way to error check stdio functions is to manually flush at the end and check for the error flag on the stream. here's the result before and after the patch: [dictpw master]~> ./build/dictpw >/dev/full [dictpw io_err]~> ./build/dictpw >/dev/full dictpw: Failed to write to stdout additionally, the way `*_noerr` functions are checking for `errno` is also confusing: * if the plan is to support only POSIX systems, then POSIX specifies fputs and fputc to set the errno on failure. so the `errno != 0` check is entirely redundant. * and if non-POSIX systems are to be supported, then the check is *incorrect* since ISO C doesn't require errno to be set for these functions on failure. so if such a system exists, the application will see that fputs failed but errno is 0 and thus will march on thinking everything went fine. one regression from this patch is that the exact cause of error is not known anymore. so the error message will be the same for any errors.
|
A couple more notes: this is just one way to deal with it. You could also:
if (fputs(str, stdout) == EOF || fflush(stdout) == EOF)
errx(1, "writing to stdout failed");
One more thing, keep in mind that library routines are allowed to modify errno even on success. So setting Finally, I'm not a user of this program, just happened to notice some potential improvement and thus opening the PR. I don't have much desire to work on this patch further, feel free to modify it or take the other routes suggested above. |
|
Thank you for this PR, I will switch to |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
the IO error checking currently done via the
*_noerrfunctions are entirely misguided. stdio functions are typically buffered, so most of these calls are more or less just memcpy. and since the password isn't likely going to be big enough to fill the buffer to cause a flush (i,e an actual IO operation) these calls are almost never going to fail - with the exception of the newline character - which might cause a flush if stdout is "interactive" and thus set to line-buffered mode.but there's no guarantee stdout is interactive, user might want to pipe the output to some encryption tool for example. in such cases, the stdout flush will occur due to calling
exit()and any errors that occur at that point will be entirely missed by the application.the proper way to error check stdio functions is to manually flush at the end and check for the error flag on the stream. here's the result before and after the patch:
additionally, the way
*_noerrfunctions are checking forerrnois also confusing:errno != 0check is entirely redundant.one regression from this patch is that the exact cause of error is not known anymore. so the error message will be the same for any errors.