#3899: mutt_ssl's interactive_check_cert() has several issues
-----------------------+----------------------
Reporter: kevin8t8 | Owner: mutt-dev
Type: defect | Status: closed
Priority: major | Milestone:
Component: crypto | Version:
Resolution: fixed | Keywords:
-----------------------+----------------------
Comment (by derekmartin):
Replying to [comment:2 vinc17]:
> {{{
> #define numberof(x) (sizeof (x) / sizeof ((x)[0]))
>
> for (i = 0; i < numberof(parts); i++)
> }}}
I think this kind of macro, much like the macro in bug #3880, is bad
business. What if it gets used with a pointer rather than an array? The
syntax is still fine, it'll compile, but it will break, in a way that may
be difficult to notice, depending on exactly how it's used.
{{{
$ cat foo.c
#include <stdio.h>
#define n(x) (sizeof (x) / sizeof ((x)[0]))
int main(int argc, char **argv)
{
long int a[4];
long int *b = a;
printf("sizeof a = %ld, size of a[0] = %ld\n", sizeof a, sizeof a[0]);
printf("n(a) = %ld\n", n(a));
printf("sizeof b = %ld, size of b[0] = %ld\n", sizeof b, sizeof b[0]);
printf("n(b) = %ld\n", n(b));
return 0;
}
$ ./foo
sizeof a = 32, size of a[0] = 8
n(a) = 4
sizeof b = 8, size of b[0] = 8
n(b) = 1
}}}
Not cool. It's been my experience that many less-careful programmers will
see a construct used and try to reuse it without really understanding
it... If they use this with data that just happens to be of the right
size it'll seem to work, but in most cases it will break.
Better would be something like:
{{{
#define CERT_CHECK_PARTS 7
typedef int cert_check_parts[CERT_CHECK_PARTS];
[...]
const cert_check_parts = { ... };
[...]
for (i = 0; i < CERT_CHECK_PARTS; ++i) ...
}}}
Better still would be to use a struct instead of the int array, and define
helper functions to define the struct and to sprintf the struct into a
buffer, since those actions are repeated. It's only slightly more code,
but WAY more explicit and much safer.
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3899#comment:10>
Mutt <http://www.mutt.org/>
The Mutt mail user agent