On Thu, Apr 14, 2022 at 09:31:56AM +0200, Oliver Neukum wrote:
>
>
> On 13.04.22 17:32, Dan Carpenter wrote:
>
> > > Bug: buffer partially filled. Information leak.
> >
> > If you return the bytes then the only correct way to write error
> > handling is:
> >
> > 	if (ret < 0)
> > 		return ret;
> > 	if (ret != size)
> > 		return -EIO;
> >
> You have to make up your mind on whether you ever need to read
> answer of a length not known before you try it. The alternative of
> passing a pointer to an integer for length is worse.

How is it worse? Can you give an example, so I will write a static
checker rule for it?

There used to be more APIs that consistently caused bug after bug where
we mixed positive success values with negative error codes. We
converted some bad offenders to return the positive as a parameter and
I was really happy about that.

Another example I used to see a lot is request_irq() saved to an
unsigned. These days I think GCC warns about that? Maybe the build
bots get to it before I do.

regards,
dan carpenter
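
The short-read case discussed in this thread, as an added userspace example that is not part of the original mail or of any kernel code. `fake_xfer()`, `read_buggy()`, `read_checked()`, `stale_bytes()` and the `STALE` marker are hypothetical names, and the device data is constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#define STALE 0xAA /* constructed marker standing in for old memory contents */

/* Hypothetical helper, not a kernel API: returns bytes copied or -errno. */
static int fake_xfer(unsigned char *buf, int size, const unsigned char *dev, int avail)
{
    int n = avail < size ? avail : size;
    if (n >= 0)
        memcpy(buf, dev, (size_t)n);
    return avail < 0 ? -ENODEV : n;
}

/* Buggy caller: any non-negative return is reported as success. */
static int read_buggy(unsigned char *buf, int size, const unsigned char *dev, int avail)
{
    int ret = fake_xfer(buf, size, dev, avail);
    return ret < 0 ? ret : 0;
}

/* Caller with the two checks quoted in the mail. */
static int read_checked(unsigned char *buf, int size, const unsigned char *dev, int avail)
{
    int ret = fake_xfer(buf, size, dev, avail);
    if (ret < 0)
        return ret;
    if (ret != size)
        return -EIO;
    return 0;
}

/* Bytes of buf[0..size) that the transfer never overwrote. */
static int stale_bytes(const unsigned char *buf, int size)
{
    int i, n = 0;
    for (i = 0; i < size; i++)
        n += (buf[i] == STALE);
    return n;
}

int main(void)
{
    const unsigned char dev[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */
    unsigned char buf[8];
    memset(buf, STALE, sizeof(buf));
    printf("buggy rc=%d\n", read_buggy(buf, 8, dev, 3)); /* 3 of 8 bytes arrive */
    printf("stale bytes passed on=%d\n", stale_bytes(buf, 8));
    printf("checked rc=%d\n", read_checked(buf, 8, dev, 3));
    return 0;
}
```
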