Todd C. Miller <[email protected]> wrote:
> On Fri, 18 Jun 2021 15:05:52 -0600, "Theo de Raadt" wrote:
>
> > Without considering the cases where an incorrect value is passed in...
> >
> > How many pieces of code have you found that inspect the return value?
>
> Very few. My concern is for those that use the return value when
> determining how much time is "left" to sleep. E.g.
>
> u_int sleep_time = 300;
> u_int slept;
>
> while (sleep_time > 0) {
> slept = alarm(sleep_time);
> sleep_time -= slept;
> }
>
> If alarm() spuriously returns UINT_MAX that would be unhelpful. Of
> course, if alarm() _always_ fails for some reason and returns 0 on
> error that is probably just as bad if not worse. :-)
>
> So perhaps it doesn't really matter either way.
OK. How any pieces of code were found which do that?
I mean, code search for ' = alarm('
