On Mon, Jun 08, 2020 at 05:41:34PM -0400, Randall S. Becker wrote: > I just wanted to check the following calls to make sure that it does not > fwrite or write should be xread/xwrite or are guaranteed not to exceed > MAX_IO_SIZE: > > strbuf.c: strbuf_write, strbuf_write_fd, the size is not specified. > > The other uses of read/write appear to be safe. strbuf_write() is using fwrite(), and we don't enforce MAX_IO_SIZE with stdio anywhere else. And I'd expect in general that if there are any platform limitations, the system libc would choose a sane value anyway. So that one is probably fine. I think strbuf_write_fd() is wrong to use a raw write(), but for several reasons: - it won't enforce MAX_IO_SIZE, as you note - it won't handle EINTR, etc; callers need to be prepared to restart such a write - it won't handle a partial write by looping until all output is sent For the latter two, there are cases where some callers want the flexibility to stop when seeing a signal or a partial write. But I don't think that makes any sense for strbuf_write_fd(). If I pass in a strbuf with 8kb of data and I get a return value that indicates we only wrote 4kb, what do I do next? I certainly can't call strbuf_write_fd() again, since it would write from the beginning of the strbuf again. I'd have to call xwrite() myself after that. At which point I may as well have done so for the first call. :) So I think this really ought to be using write_in_full(). There's only one caller, and I think it would be improved by the switch. Do you want to write a patch? You could make an argument that the fwrite() version ought to also loop, since it's possible to get a partial write there, too. But we don't do that in general. I suspect in practice most stdio implementations will keep writing until they see an error, and most callers don't bother checking stdio errors at all, or use ferror(). -Peff
