-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 According to Jim Meyering on 10/22/2009 4:14 AM: >>> exposes the bug. Why? Because our replacement <sys/stat.h> declares stat >>> as an object-like macro, but stat(1) had a usage pattern that hid rpl_stat >>> from view and directly called the buggy stat. OK to commit? >> Good catch. Please do. >> >>> Also, I'm reattaching the stdbuf readlink() cleanup patch from a few days >>> ago; I've now tested it on Linux. What file contains maintainer syntax >>> checks to ensure we don't reintroduce raw '\breadlink(at)?' or 'stat :'? >> cfg.mk is where I've been putting coreutils-specific syntax checks. > > Here's part of it: > >>From cbf36952d8c227aa5e46acf8643458a7fd51d473 Mon Sep 17 00:00:00 2001 > From: Jim Meyering <[email protected]> > Date: Thu, 22 Oct 2009 12:12:24 +0200 > Subject: [PATCH] build: prohibit direct use of readlink or readlinkat
How about this for the other part? - -- Don't work too hard, make some time for fun as well! Eric Blake [email protected] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Cygwin) Comment: Public key at home.comcast.net/~ericblake/eblake.gpg Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrhnSkACgkQ84KuGfSFAYCM+wCfdiui35vokUhehkI1QwBG6A+c l84AnRKC1UjIh/QyednrYePnpQvdPnYb =ogSa -----END PGP SIGNATURE-----
>From efd1f7ff8c9531fede007e825c167995ec0eea68 Mon Sep 17 00:00:00 2001 From: Eric Blake <[email protected]> Date: Fri, 23 Oct 2009 06:06:46 -0600 Subject: [PATCH] build: prohibit improper use of stat and lstat * cfg.mk (sc_prohibit_stat_macro_address): New rule. * src/ln.c (do_link): Adjust comment to avoid rule. * src/stat.c (do_stat): Likewise. * src/touch.c (main): Likewise. --- cfg.mk | 6 ++++++ src/ln.c | 2 +- src/stat.c | 2 +- src/touch.c | 2 +- 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/cfg.mk b/cfg.mk index 807d3c9..79f8066 100644 --- a/cfg.mk +++ b/cfg.mk @@ -197,6 +197,12 @@ sc_prohibit_readlink: msg='do not use readlink(at); use via xreadlink or areadlink*' \ $(_prohibit_regexp) +# Don't use address of "stat" or "lstat" functions +sc_prohibit_stat_macro_address: + @re='stat '':|&l?stat\>' \ + msg='stat() and lstat() may be function-like macros' \ + $(_prohibit_regexp) + # Ensure that date's --help output stays in sync with the info # documentation for GNU strftime. The only exception is %N, # which date accepts but GNU strftime does not. diff --git a/src/ln.c b/src/ln.c index 4f75c19..197a8fa 100644 --- a/src/ln.c +++ b/src/ln.c @@ -138,7 +138,7 @@ do_link (const char *source, const char *dest) { /* Which stat to use depends on whether linkat will follow the symlink. We can't use the shorter - (logical ? stat : lstat) (source, &source_stats) + (logical?stat:lstat) (source, &source_stats) since stat might be a function-like macro. */ if ((logical ? stat (source, &source_stats) : lstat (source, &source_stats)) diff --git a/src/stat.c b/src/stat.c index d3e16d7..ae54911 100644 --- a/src/stat.c +++ b/src/stat.c @@ -903,7 +903,7 @@ do_stat (char const *filename, bool terse, char const *format) } } /* We can't use the shorter - (follow_links ? stat : lstat) (filename, &statbug) + (follow_links?stat:lstat) (filename, &statbug) since stat might be a function-like macro. */ else if ((follow_links ? stat (filename, &statbuf) diff --git a/src/touch.c b/src/touch.c index d44bd27..11d73ce 100644 --- a/src/touch.c +++ b/src/touch.c @@ -348,7 +348,7 @@ main (int argc, char **argv) if (use_ref) { struct stat ref_stats; - /* Don't use (no_dereference ? lstat : stat) (args), since stat + /* Don't use (no_dereference?lstat:stat) (args), since stat might be an object-like macro. */ if (no_dereference ? lstat (ref_file, &ref_stats) : stat (ref_file, &ref_stats)) -- 1.6.5.rc1
