> Date: Sat, 22 Jul 2017 15:29:17 +0200
> From: Ingo Schwarze <[email protected]>
>
> Hi Scott,
>
> Scott Cheloha wrote on Fri, Jul 21, 2017 at 05:03:11PM -0500:
>
> > Per encouragement from deraadt@,
>
> Not sure what exactly he said, but i'm quite sure you misunderstood him.
>
> I have both removed and added (void) casts in the past.
>
> Removed from functions like close(3) where they are usually pointless
> and only a distraction to the reader.
>
> Added to functions like strlcpy(3) where ignoring the return value
> is often a serious bug. In such a case, (void) is not intended for
> some compiler, but for human consumption. Its meaning is: This
> call has been carefully audited. Contrary to the usual situation,
> we can safely ignore the return value here, either because the
> buffer is so large that it can never become full at this point, or
> because truncation is not a problem at this point.
>
> This cannot be formalized.
>
> There may be cases where (void) makes sense even on a function like
> close(3) - if for some specific reason, an auditor might think that
> failure is exceptionally dangerous in that particular situation,
> but actually, it is not. And there may be situations where strlcpy(3)
> without (void) is not a style issue, for example if a whole file
> uses it a lot with some consistent idiom that doesn't require
> overflow checking.

Note that GCC has a "warn_unused_result" attribute that can be used
to annotate functions for which ignoring the return value is
dangerous:

--- unused.c ---
int foo(void) __attribute__((warn_unused_result));

int
foo(void)
{
	return -1;
}

void
bar(void)
{
	(void)foo();
}
--- unused.c ---

$ gcc -c unused.c
unused.c: In function 'bar':
unused.c:12: warning: ignoring return value of 'foo', declared with attribute warn_unused_result

I think it would be good if you started using that in our system
headers for some functions. clang allows one to suppress the warning
by using the (void) cast, gcc doesn't though.
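
The two conventions discussed in this thread, side by side, as an added example that is not code from either message or from the OpenBSD tree: a checked copy whose wrapper is annotated with warn_unused_result, and an audited call where (void) marks a deliberately ignored result. bounded_copy, struct host, host_set_name and host_set_default are hypothetical names; bounded_copy is a local stand-in with strlcpy(3) semantics so the file builds where strlcpy is not available.

```c
#include <stdio.h>
#include <string.h>

struct host { char name[16]; };

/* Stand-in with strlcpy(3) semantics: NUL-terminates and returns
 * strlen(src); a result >= dstsize means the copy was truncated. */
static size_t
bounded_copy(char *dst, const char *src, size_t dstsize)
{
	size_t srclen = strlen(src);

	if (dstsize > 0) {
		size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
		memcpy(dst, src, n);
		dst[n] = '\0';
	}
	return srclen;
}

/* Untrusted input: callers must act on truncation, so annotate. */
int host_set_name(struct host *, const char *)
    __attribute__((warn_unused_result));

int
host_set_name(struct host *h, const char *name)
{
	if (bounded_copy(h->name, name, sizeof(h->name)) >= sizeof(h->name))
		return -1;	/* truncated */
	return 0;
}

/* Audited: "localhost" plus NUL is 10 bytes and always fits in
 * name[16], so the return value is deliberately ignored. */
void
host_set_default(struct host *h)
{
	(void)bounded_copy(h->name, "localhost", sizeof(h->name));
}

int
main(void)
{
	struct host h;

	host_set_default(&h);
	if (host_set_name(&h, "a-name-longer-than-sixteen-bytes") == -1)
		printf("rejected; buffer holds \"%s\"\n", h.name);
	return 0;
}
```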