On Fri, Jun 18, 2021 at 12:27:13PM -0600, Theo de Raadt wrote:
> Todd C. Miller <[email protected]> wrote:
>
> > On Fri, 18 Jun 2021 12:13:54 -0600, "Theo de Raadt" wrote:
> >
> > > I don't understand what you are solving.
> > >
> > > The way I look at it... you want to convert one kind of bug into a
> > > different kind of bug?
> > >
> > > In the end, the program quits, noone looks at the corefile, or is it
> > > in a privsep program and there is no corefile, and noone is the wiser
> > > and it never gets fixed.
> >
> > The problem is that alarm(3) is not allowed to fail and so there
> > is no standard way to check for failure if one were to occur. But
> > we either have to return *something* in this case or abort the
> > process.
>
> calling abort is a crazy harmful form of failing.
>
> > Personally, I think just returning either 0 or UINT_MAX in this
> > case is fine. I lean toward returning 0 in this case which is what
> > musl and glibc do.
If we're going to just return an arbitrary value shouldn't we keep
returning UINT_MAX as we always have? This would preserve compat with
the other BSD libc implementations, too.
I'd still like to remove the superfluous pointer (itp), but otherwise
there's nothing else we can improve here.
Index: alarm.c
===================================================================
RCS file: /cvs/src/lib/libc/gen/alarm.c,v
retrieving revision 1.9
diff -u -p -r1.9 alarm.c
--- alarm.c 28 Jun 2019 13:32:41 -0000 1.9
+++ alarm.c 18 Jun 2021 21:00:19 -0000
@@ -34,13 +34,12 @@
unsigned int
alarm(unsigned int secs)
{
- struct itimerval it, oitv;
- struct itimerval *itp = ⁢
+ struct itimerval itv, oitv;
- timerclear(&itp->it_interval);
- itp->it_value.tv_sec = secs;
- itp->it_value.tv_usec = 0;
- if (setitimer(ITIMER_REAL, itp, &oitv) == -1)
+ timerclear(&itv.it_interval);
+ itv.it_value.tv_sec = secs;
+ itv.it_value.tv_usec = 0;
+ if (setitimer(ITIMER_REAL, &itv, &oitv) == -1)
return ((unsigned int) -1);
if (oitv.it_value.tv_usec)
oitv.it_value.tv_sec++;
