I noticed that 'yes' did not use pipe2_safer to check that the file
descriptors aren't any of the standard file descriptors. This fixes
that and some similar cases in other programs.
Is it worth a NEWS mention? I assume that it is difficult to reach a
point where pipe or pipe2 would open a standard file descriptor in
these areas, given that this hasn't been reported as a bug.
-- 8< --
* bootstrap.conf (gnulib_modules): Add pipe2-safer.
* cfg.mk (sc_require_unistd_safer): New rule for 'make syntax-check'.
* gl/lib/fd-reopen.c: Include unistd--.h instead of unistd.h.
* src/sort.c: Include unistd--.h.
* src/split.c: Likewise.
* src/yes.c: Likewise.
---
bootstrap.conf | 1 +
cfg.mk | 13 +++++++++++++
gl/lib/fd-reopen.c | 2 +-
src/sort.c | 1 +
src/split.c | 1 +
src/yes.c | 1 +
6 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/bootstrap.conf b/bootstrap.conf
index 5f15a82f9..6119c0f88 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -213,6 +213,7 @@ gnulib_modules="
physmem
pipe-posix
pipe2
+ pipe2-safer
posix-shell
posix_spawn
posix_spawn_file_actions_addclose
diff --git a/cfg.mk b/cfg.mk
index 27b63f93b..aa2c86e23 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -603,6 +603,19 @@ sc_require_stdlib_safer:
else :; \
fi
+# Ensure that "unistd--.h" is used where appropriate.
+sc_require_unistd_safer:
+ @if $(VC_LIST_EXCEPT) | grep -l '\.[ch]$$' > /dev/null; then \
+ files=$$(grep -El '$(begword)(pipe2?|dup[23]?) ?\(' \
+ $$($(VC_LIST_EXCEPT) \
+ | grep '\.[ch]$$')); \
+ test -n "$$files" && grep -LE 'include "unistd--.h"' $$files \
+ | grep . && \
+ { echo '$(ME): the above files should use "unistd--.h"' \
+ 1>&2; exit 1; } || :; \
+ else :; \
+ fi
+
sc_prohibit_perl_hash_quotes:
@prohibit="\{'[A-Z_]+' *[=}]" \
halt="in Perl code, write \$$hash{KEY}, not \$$hash{'K''EY'}" \
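Review bot: The pattern in the first grep of sc_require_unistd_safer, `(pipe2?|dup[23]?) ?\(`, also flags files that only call dup2 or dup3. As far as I know, gnulib's "unistd--.h" redirects only dup, pipe and (with pipe2-safer enabled) pipe2, so for those files the required include would change nothing; worth confirming and, if so, narrowing the pattern to `(pipe2?|dup) ?\(`. The rule's comment could also say why the header matters, e.g. `# "unistd--.h" maps pipe, pipe2 and dup to *_safer variants that never return descriptors 0-2.` The dot in `'include "unistd--.h"'` is unescaped under -E, which is harmless here but could be written `unistd--\.h` for exactness.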
diff --git a/gl/lib/fd-reopen.c b/gl/lib/fd-reopen.c
index 10fb40bbd..607235feb 100644
--- a/gl/lib/fd-reopen.c
+++ b/gl/lib/fd-reopen.c
@@ -23,7 +23,7 @@
#include <errno.h>
#include <fcntl.h>
-#include <unistd.h>
+#include "unistd--.h"
/* Open a file to a particular file descriptor. This is like standard
'open', except it always returns DESIRED_FD if successful. */
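Review bot: This include lands in a gl/ module source, but the patch does not touch the fd-reopen module description. If that description does not already declare a dependency on the module providing "unistd--.h", the header is only found because coreutils pulls it in for other reasons; worth checking. The comment visible here says fd_reopen always returns DESIRED_FD, which suggests the function (its body is outside the hunk) places the descriptor explicitly. The switch therefore presumably serves the new syntax-check rather than changing behaviour, and a one-line comment on the include saying so would help the next reader.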
diff --git a/src/sort.c b/src/sort.c
index c35890ec2..e20ed2c8f 100644
--- a/src/sort.c
+++ b/src/sort.c
@@ -51,6 +51,7 @@
#include "stdlib--.h"
#include "strnumcmp.h"
#include "term-sig.h"
+#include "unistd--.h"
#include "xmemcoll.h"
#include "xnanosleep.h"
#include "xstrtol.h"
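Review bot: No test accompanies this include or the matching ones in the src/split.c and src/yes.c hunks, so nothing would catch a later regression to the plain pipe/pipe2 calls. A test that starts each program with one of the standard descriptors closed, then checks that output and diagnostics still reach the intended stream, would pin the behaviour the commit message describes. The call sites themselves are outside these hunks, so which code paths need covering has to be confirmed against the full files.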
diff --git a/src/split.c b/src/split.c
index e5fd0ae2e..4786df827 100644
--- a/src/split.c
+++ b/src/split.c
@@ -40,6 +40,7 @@
#include "sig2str.h"
#include "sys-limits.h"
#include "temp-stream.h"
+#include "unistd--.h"
#include "xbinary-io.h"
#include "xdectoint.h"
#include "xstrtol.h"
diff --git a/src/yes.c b/src/yes.c
index 91e540eba..1a1d74ce5 100644
--- a/src/yes.c
+++ b/src/yes.c
@@ -27,6 +27,7 @@
#include "full-write.h"
#include "isapipe.h"
#include "long-options.h"
+#include "unistd--.h"
/* The official name of this program (e.g., no 'g' prefix). */
#define PROGRAM_NAME "yes"
--
2.53.0