On 2021/01/26 15:31, Clemens Gößnitzer wrote: > January 26, 2021 3:44 PM, "Hiltjo Posthuma" <[email protected]> wrote: > > On Sat, Jan 16, 2021 at 04:29:27PM +0100, Hiltjo Posthuma wrote: > >> On Mon, Jan 11, 2021 at 07:50:55PM +0100, Hiltjo Posthuma wrote: > >> > >> The below patch pledges the iconv binary in the libiconv package. The tool > >> is > >> useful for converting text-encoding of text data to UTF-8 for example. > >> > >> It now uses pledge("stdio", NULL) if only using stdin/stdout. It uses > >> pledge("stdio rpath", NULL) when specifying files. > >> > >> I've tested many command-line option combinations and haven't found missing > >> promises which cause an abort(). > >> > >> Patch: .. > >> +@@ -846,6 +849,9 @@ > >> + struct iconv_hooks hooks; > >> + int i; > >> + int status; > >> ++ > >> ++ if (pledge(i == argc ? "stdio" : "stdio rpath", NULL) == -1) > > Wouldn't you use i uninitialised here? > > >> ++ err(1, "pledge"); > >> + > >> + set_program_name (argv[0]); > >> + #if HAVE_SETLOCALE > >> --
Yes, it needs to be done after parsing the arguments in the loop after calling textdomain(). Looks like it was previously done like that but moved before sending out the diff? I assume it was moved so that more of the code was moved under pledge. Better approach might be to unconditionally pledge stdio rpath, then, after the loop, conditionally pledge again to drop rpath if possible. It would be nicer to use the error function used in the rest of the file rather than pulling in another header for err().
