Hi Scott, Scott Cheloha wrote on Fri, Jul 21, 2017 at 05:03:11PM -0500:
> Per encouragement from deraadt@, Not sure what exactly he said, but i'm quite sure you misunderstood him. I have both removed and added (void) casts in the past. Removed from functions like close(3) where they are usually pointless and only a distraction to the reader. Added to functions like strlcpy(3) where ignoring the return value is often a serious bug. In such a case, (void) is not intended for some compiler, but for human consumption. Its meaning is: This call has been carefully audited. Contrary to the usual situation, we can safely ignore the return value here, either because the buffer is so large that it can never become full at this point, or because truncation is not a problem at this point. This cannot be formalized. There may be cases where (void) makes sense even on a function like close(3) - if for some specific reason, an auditor might think that failure is exceptionally dangerous in that particular situation, but actually, it is not. And there may be situations where strlcpy(3) without (void) is not a style issue, for example if a whole file uses it a lot with some consistent idiom that doesn't require overflow checking. It is really a case-by-case decision: Does it help or distract a human auditor? > here's a diff that explicitly > discourages casting unused return values to void. Not OK. > Index: share/man/man9/style.9 > =================================================================== > RCS file: /cvs/src/share/man/man9/style.9,v > retrieving revision 1.71 > diff -u -p -r1.71 style.9 > --- share/man/man9/style.9 10 Jul 2017 21:39:38 -0000 1.71 > +++ share/man/man9/style.9 21 Jul 2017 21:49:14 -0000 > @@ -514,6 +514,9 @@ Routines returning > .Li void * > should not have their return values cast to any pointer type. > .Pp > +Do not cast unused return values to > +.Li void . > +.Pp > Use the > .Xr err 3 > and
