diff options
author | Tavian Barnes <tavianator@tavianator.com> | 2020-11-04 11:36:47 -0500 |
---|---|---|
committer | Tavian Barnes <tavianator@tavianator.com> | 2020-11-04 11:36:47 -0500 |
commit | 726d78019593d5b5f192d2962f5bc975bfe85785 (patch) | |
tree | 88cbdef159df912a3ecd5e18ba16be470da1b77b /darray.c | |
parent | 9b34fc831eec048ee34d99250c240115f74b1bfa (diff) | |
download | bfs-726d78019593d5b5f192d2962f5bc975bfe85785.tar.xz |
spawn: Fix error pipe write failure handling
A short history lesson: this code (from exec.c) used to just be
write(...);
In 649d85b, an empty if block was added to placate _FORTIFY_SOURCE's
warn_unused_result:
if (write(...) != sizeof(error)) {
// ...
}
This is fine since the parent doesn't rely on receiving those writes
(e.g. the child could die before writing), and the small write to a pipe
won't fail anyway.
But when bfs_spawn() was created, the implementation changed to this:
while (write(...) < sizeof(error));
The while loop was presumably added to mirror musl's posix_spawn()
implementation, which handles EINTR. But musl's is actually correct:
while (write(...) < 0);
whereas mine has a subtle bug: since sizeof(error) is unsigned, the bfs
code did an unsigned comparison, meaning -1 from write() would *not*
restart the loop.
Fix it by comparing with 0 like musl, since short writes are impossible
here. Perhaps it's time for -Wsign-compare, despite the other 18
instances being false positives.
Diffstat (limited to 'darray.c')
0 files changed, 0 insertions, 0 deletions