Paul Eggert wrote: > +/* Suitable values for careadlinkat's FD and PREADLINKAT arguments, > + when doing a plain readlink. */
Even with the improved documentation, there is a small risk that a programmer does not understand how 'careadlinkatcwd' is meant to be used. For this reason, it would be safer to check the 'fd' argument rather than to blindly ignore it. Here's a proposed patch: 2011-04-09 Bruno Haible <br...@clisp.org> careadlinkat: Guard against misuse of careadlinkatcwd. * lib/careadlinkat.c: Include <stdlib.h>. (careadlinkatcwd): Check that the fd argument is as expected. --- lib/careadlinkat.c.orig Sat Apr 9 18:50:58 2011 +++ lib/careadlinkat.c Sat Apr 9 18:50:48 2011 @@ -26,6 +26,7 @@ #include <errno.h> #include <limits.h> +#include <stdlib.h> #include <string.h> #include <unistd.h> @@ -39,14 +40,17 @@ #endif #if ! HAVE_READLINKAT -/* Ignore FD. Get the symbolic link value of FILENAME and put it into - BUFFER, with size BUFFER_SIZE. This function acts like readlink - but has readlinkat's signature. */ +/* Get the symbolic link value of FILENAME and put it into BUFFER, with + size BUFFER_SIZE. This function acts like readlink but has + readlinkat's signature. */ ssize_t careadlinkatcwd (int fd, char const *filename, char *buffer, size_t buffer_size) { - (void) fd; + /* FD must be AT_FDCWD here, otherwise the caller is using this + function in contexts for which it was not meant for. */ + if (fd != AT_FDCWD) + abort (); return readlink (filename, buffer, buffer_size); } #endif -- In memoriam Georg Elser <http://en.wikipedia.org/wiki/Georg_Elser>
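Review bot: in the second hunk the guard compares fd against AT_FDCWD, but none of the headers visible in the first hunk's context (<errno.h>, <limits.h>, the newly added <stdlib.h>, <string.h>, <unistd.h>) declares AT_FDCWD; that macro comes from <fcntl.h>, so confirm it is included elsewhere in lib/careadlinkat.c, or the !HAVE_READLINKAT build will not compile. The new comment also doubles its preposition: "contexts for which it was not meant for" should read "contexts it was not meant for". Since abort () turns a misuse into a hard crash rather than an errno-style failure, which is the right choice for a programmer error, it would help to state that in the function's doc comment ("aborts if FD is not AT_FDCWD") so callers do not expect -1/EBADF.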