"Enrico Weigelt, metux IT consult" <enrico.weig...@gr13.net> writes: > On 01.11.2015 14:52, Rainer Weikusat wrote: >> It's also strangely schizophrenic as there's no point in zero-filling >> the entire structure prior to initializing its members one by one >> which implies zero-filling the larger part of the second one[*] >> again. > > That's called "defensive programming" :p
"Cargo cult programming" would be more appropriate: Mindlessly imitiate something which made sense in a certain context, based on the assumption that this will 'magically' 'en-sense' the result. Initializing a variable twice is useless. > Indeed, there might be good reasons for doing so: if you really wanna > make sure that everything's zero'ed, even those members you dont > care for. Since there's no information regarding the intended use of such (hypothetical) "members one doesn't care for", there's no reason to assume that "zeroeing them" will be good for anything (and not actually the opposite of it). [...] >> The code is only correct if the length of the name argument is known >> to be less than the size of the buffer as strncpy won't insert a >> zero-byte otherwise, ie, on one hand, this use a size-checking >> function with fairly byzantine semantics, on the other hand, the code >> relies on 'knowing' that "/run/foobar.sk" will fit into the buffer >> while leaving space for a trailing zero. In case the length of the >> name is unknown, one would usually do something like > > In many cases, you dont really know whether the argument fits, so > you need to check it anyways. But the code didn't do that (as I explained): It relied on "knowing that it will fit" for correctness and the length check was just a useless addition. Whether or not this happened to be the cause because the author didn't know any better or because he intentionally intended to obscure the algorithm is open for speculation. _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
