On Sun, Aug 15, 2021 at 06:57:54AM -0500, Rob Landley wrote:
> > It is too difficult for me to figure out the direction in which the
> > toybox design moves and where it comes from and which kind of errors are
> > accepted or even embraced (like data types, signed overflows).
>
> I disagree with you on a design decision, therefore I am inscrutable?

I did not call you inscrutable. Please do not put words into my text which are not there.

But to clarify my problems with understanding this project: On one hand you think about supporting arbitrarily long lines (your readline discussion), on the other hand you want to limit the size of tar headers to PATH_MAX (it is not necessarily enough because the pax extended headers can have multiple entries and only one of them could be the path) and ignore memory leaks of arbitrarily large tar streams. On one hand you disagree on portability or implied documentation of data types, on the other hand you consider PATH_MAX although it is a portability macro itself.

I do not understand why int should be the correct type for a library function which reads data from a stream if the underlying library function uses size_t. It should be at least unsigned int because -1 would make no sense as a parameter. If at all, it would make sense to treat values larger than INT_MAX in the way the tor project does: insert an upper boundary check into library functions and fail if it is triggered.

My assumption that signed overflows are ignored results from du.c:

  // Modern compilers' optimizers are insane and think signed overflow
  // behaves differently than unsigned overflow. Sigh. Big hammer.

I'm out of here. I wish you and the toybox project the best.
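The two points argued above (pax extended headers carrying several records of which only one is the path, and length handling that keeps size_t and fails on an explicit upper bound instead of narrowing to int) as an added example that is not from this mail or from toybox; the record walker, the cap PAX_MAX_HDR, the function names and the sample header are all constructed for illustration:

```c
#include <string.h>

/* Hypothetical cap on one extended-header block (assumed, not a toybox value):
   a stream claiming more is rejected, never truncated or narrowed to int. */
#define PAX_MAX_HDR ((size_t)1 << 20)
/* Walks pax records "len key=value\n" (len counts the whole record) and copies
   the value of `want` into out. Returns the value length, 0 if absent, or
   (size_t)-1 on a malformed or oversized header. All lengths stay size_t. */
size_t pax_lookup(const char *hdr, size_t hdrlen, const char *want,
                  char *out, size_t outsz)
{
  size_t pos = 0;
  if (hdrlen > PAX_MAX_HDR) return (size_t)-1;
  while (pos < hdrlen) {
    size_t rl = 0, digits = 0, klen, vlen;
    const char *kv, *eq;
    /* Decimal length field, read only inside the buffer, with overflow guard. */
    while (pos + digits < hdrlen && hdr[pos + digits] >= '0' && hdr[pos + digits] <= '9') {
      if (rl > PAX_MAX_HDR / 10) return (size_t)-1;
      rl = rl * 10 + (size_t)(hdr[pos + digits++] - '0');
    }
    /* len must be followed by a space, fit the remaining bytes, cover at
       least "len =\n", and the record must end with a newline. */
    if (!digits || pos + digits >= hdrlen || hdr[pos + digits] != ' ') return (size_t)-1;
    if (rl > hdrlen - pos || rl < digits + 3 || hdr[pos + rl - 1] != '\n') return (size_t)-1;
    kv = hdr + pos + digits + 1;
    eq = memchr(kv, '=', rl - digits - 2);
    if (!eq) return (size_t)-1;
    klen = (size_t)(eq - kv);
    vlen = rl - digits - 3 - klen;
    if (klen == strlen(want) && !memcmp(kv, want, klen)) {
      if (vlen >= outsz) return (size_t)-1;   /* caller's buffer too small */
      memcpy(out, eq + 1, vlen);
      out[vlen] = 0;
      return vlen;
    }
    pos += rl;                               /* len already covers the '\n' */
  }
  return 0;
}
/* Constructed sample with three records, only one of which is the path. */
static const char PAX_SAMPLE[] =
  "20 path=foo/bar.txt\n20 mtime=1628999999\n13 uname=bob\n";
/* 1 if looking up key in PAX_SAMPLE yields exactly expect, else 0. */
int sample_value_is(const char *key, const char *expect)
{
  char val[64] = "";
  size_t n = pax_lookup(PAX_SAMPLE, sizeof PAX_SAMPLE - 1, key, val, sizeof val);
  return n != (size_t)-1 && !strcmp(val, expect);
}
```

A record whose length field claims more bytes than the buffer holds is rejected outright rather than clamped, which is the failure mode the tor-style boundary check is meant to produce.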
