Hi Todd, Todd C. Miller wrote on Sat, Jan 12, 2019 at 08:04:31PM -0700: > On Sat, 12 Jan 2019 16:45:46 +0100, Ingo Schwarze wrote: >> I did not attempt to hunt down all offenders. >> Would you regard that as a whorthwhile endeavour? >> Note that would not only require considering bogus leftovers >> in our code, but also considering what other systems might do. >> >> I just thought it made sense to remove misleading statements about >> our own code, but not not without warning about related portability >> issues while there.
> I just thought that if we were going to mention this problem at > all, then we should do so in strtod() as well. And since printf(3) > and scanf(3) suffer from the same issue as wprintf(3) and wscanf(3) > I see no reason to only include the warning in the wide versions. Hm, that makes sense. We can mention cases that we are already aware of even if we are not sure the list is complete, even if it is not easy to make it complete. > I'm not advocating that we try to hunt down all possible affected > functions. Actually, I wish there was a single central place we > could document this where people would see it, but I'm not sure > there really is one. I think there is. The only functions that are really dangerous in this respect are setlocale(3) and uselocale(3). As long as you don't call either of these two, not much can go wrong. So adding a subsection to the setlocale(3) manual, containing lists of functions that are likely to break when you call setlocale(3) with bad arguments on non-OpenBSD systems, might make sense. Even if we can't guarantee completeness of these lists, they will give programmers a better idea about the approximate scopes and sizes of the traps. Once we have that, very short pointers in individual pages become sufficient: one short sentence including .Xr setlocale 3 below CAVEATS. Less bloat everywhere, better overview in the one critical place. Does that make sense? Yours, Ingo
