-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I assume that Paul forgot these files when porting from coreutils, so I am
checking this in (as I found a bug in m4 that would be solved by using
mkstemp_safer).
lib/ChangeLog:
2006-07-21 Eric Blake [EMAIL PROTECTED]
* stdlib-safer.h: New
POSIX states that:
If, at normal process termination, a function registered by the atexit()
function is called and a portable application needs to stop further exit()
processing, it must call the _exit() function or the _Exit() function or one of
the functions which cause abnormal process
Eric Blake [EMAIL PROTECTED] wrote:
POSIX states that:
If, at normal process termination, a function registered by the atexit()
function is called and a portable application needs to stop further exit()
processing, it must call the _exit() function or the _Exit() function or one
of
the
Even after using stdio-safer, m4 still has a bug where stderr can be clobbered;
it is the third case in:
http://lists.gnu.org/archive/html/bug-m4/2006-07/msg00021.html
I traced it to the fact that we don't have tmpfile_safer. I based my
implementation on Paul's fopen trick, which uses at most
Jim Meyering [EMAIL PROTECTED] writes:
It must be portable in practice.
There are tests of this behavior that are run as part of
coreutils' make check (see tests/help-version), so I doubt
we'll see any problem.
I'm a bit more cautious here. I think it's possible, for example,
that if a
Eric Blake [EMAIL PROTECTED] writes:
I assume that Paul forgot these files when porting from coreutils, so I am
checking this in (as I found a bug in m4 that would be solved by using
mkstemp_safer).
Thanks, yes, I did forget.
Paul Eggert eggert at CS.UCLA.EDU writes:
How about something like this change? It's simple, and it fixes the
(perhaps-theoretical) problem. One price we pay is that you must be
careful about the order of atexit calls, but coreutils already invokes
atexit (close_stdout) first, so that
Eric Blake [EMAIL PROTECTED] writes:
This is a behavior change - previously, you could use close_stdout outside of
an atexit handler, and still have atexit handlers invoked on error.
Yes, that's true.
Should we document this change in the comment at the start of
close_stdout (as opposed to
Also, should we make the
closeout module depend on the atexit module?
I'd say not, since we assume C89 or better these days. As I
understand it the atexit module is needed only for SunOS 4 and
earlier, which is no longer of concern.
Should we go ahead and delete the atexit module, then?