On Fri, Feb 05, 2010 at 02:59:17PM +0100, Jim Meyering wrote:
> To my chagrin, I saw that my most recent commit introduced
> compilation errors. Sorry about that.
> Here's how I propose to fix it.
>
> >From 2d948a373ecebec6c06274f61b31d1ae9c40ae41 Mon Sep 17 00:00:00 2001
> From: Jim Meyering <meyering@xxxxxxxxxx>
> Date: Fri, 5 Feb 2010 14:57:35 +0100
> Subject: [PATCH] (absolutePathFromBaseFile): fix up preceding commit
>
> * src/util/storage_file.c: Include <assert.h>.
> (absolutePathFromBaseFile): Assert that converting size_t to int is valid.
> Reverse length/string args to match "%.*s".
> Explicitly ignore the return value of virAsprintf.
> ---
> src/util/storage_file.c | 7 ++++++-
> 1 files changed, 6 insertions(+), 1 deletions(-)
>
> diff --git a/src/util/storage_file.c b/src/util/storage_file.c > index 2c79fa9..135acec 100644 > --- a/src/util/storage_file.c > +++ b/src/util/storage_file.c > @@ -26,7 +26,9 @@ > > #include <unistd.h> > #include <fcntl.h> > +#include <assert.h> > #include "dirname.h" > +#include "ignore-value.h" > #include "memory.h" > #include "virterror_internal.h"
> > @@ -255,7 +257,10 @@ absolutePathFromBaseFile(const char *base_file, const char *path) > if (*path == '/' || d_len == 0) > return strdup(path); > > - virAsprintf(&res, "%.*s/%s", base_file, d_len, path); > + /* Ensure that the following cast-to-int is valid. */ > + assert (d_len <= INT_MAX); > + > + ignore_value(virAsprintf(&res, "%.*s/%s", (int) d_len, base_file, path)); > return res; > }

NACK to this and any use of assert(). If the function can conceivably
fail the assertion, then we need to return an error code, not abort().

Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
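
Review bot: In the first hunk (the include block at -26,7 +26,9), the second hunk's INT_MAX has no matching #include <limits.h> among the includes visible here. If the bound check stays in any form, include <limits.h> explicitly rather than relying on another header to pull it in. The new #include <assert.h> is only needed for the assert() in absolutePathFromBaseFile, so it can be dropped if that assert is replaced by an error return.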
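
Review bot: In the second hunk (absolutePathFromBaseFile), assert (d_len <= INT_MAX) is the only guard on the (int) d_len cast, and assert() is compiled out when NDEBUG is defined, so in such builds the cast goes ahead unchecked, while in other builds a failing assertion aborts the calling process. An explicit test that returns NULL when d_len > INT_MAX covers both cases and gives the caller an error it can handle. Wrapping virAsprintf in ignore_value() also discards the only indication that the allocation failed; test its return value and return NULL on failure instead of returning res unconditionally.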