[6279] in bugtraq
Re: the purpose of dynamic memory allocation
daemon@ATHENA.MIT.EDU (Jeffrey Hutzelman)
Tue Mar 10 22:27:01 1998
Date: Tue, 10 Mar 1998 20:07:21 -0500
Reply-To: Jeffrey Hutzelman <jhutz+@cmu.edu>
From: Jeffrey Hutzelman <jhutz+@CMU.EDU>
X-To: David LeBlanc <dleblanc@MINDSPRING.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <3.0.3.32.19980310091124.00ba4210@mindspring.com>
> Along the same lines, I've seen the following occur:
>
> while(bytes = recv(sock, buf, bufsize, 0))
> write(fd, buf, bytes);
>
> Normally, recv fails with a 0, but if things go wrong, it will fail with a
> -1. The third argument to write is UNSIGNED. If that occurs, we'll start
> at the addr of buf, and attempt to write 4GB to the fd. This is just one
> example of why I do not consider signed-unsigned mismatch warnings to be
> inconsequential.
recv returns the number of bytes received, or -1 if there is an error.
The only way it can return 0 is if a 0-byte message is received
(e.g. a 0-length UDP packet). While I'll agree that complaints about
size and signed-ness mismatches are a Good Thing, the above code
suffers from the (IMHO) much worse problem of failing to check for
an error return from recv....
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
