Re: proposed new module careadlinkat (renamed from breadlinkat)

[Bruno Haible]

Paul Eggert wrote:
> +/* Suitable values for careadlinkat's FD and PREADLINKAT arguments,
> +   when doing a plain readlink.  */

Even with the improved documentation, there is a small risk that a programmer
does not understand how 'careadlinkatcwd' is meant to be used. For this reason,
it would be safer to check the 'fd' argument rather than to blindly ignore it.
Here's a proposed patch:


2011-04-09  Bruno Haible  <address@hidden>

        careadlinkat: Guard against misuse of careadlinkatcwd.
        * lib/careadlinkat.c: Include <stdlib.h>.
        (careadlinkatcwd): Check that the fd argument is as expected.

--- lib/careadlinkat.c.orig     Sat Apr  9 18:50:58 2011
+++ lib/careadlinkat.c  Sat Apr  9 18:50:48 2011
@@ -26,6 +26,7 @@
 
 #include <errno.h>
 #include <limits.h>
+#include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 
@@ -39,14 +40,17 @@
 #endif
 
 #if ! HAVE_READLINKAT
-/* Ignore FD.  Get the symbolic link value of FILENAME and put it into
-   BUFFER, with size BUFFER_SIZE.  This function acts like readlink
-   but has readlinkat's signature.  */
+/* Get the symbolic link value of FILENAME and put it into BUFFER, with
+   size BUFFER_SIZE.  This function acts like readlink  but has
+   readlinkat's signature.  */
 ssize_t
 careadlinkatcwd (int fd, char const *filename, char *buffer,
                  size_t buffer_size)
 {
-  (void) fd;
+  /* FD must be AT_FDCWD here, otherwise the caller is using this
+     function in contexts for which it was not meant for.  */
+  if (fd != AT_FDCWD)
+    abort ();
   return readlink (filename, buffer, buffer_size);
 }
 #endif

-- 
In memoriam Georg Elser <http://en.wikipedia.org/wiki/Georg_Elser>