From 4cf8bebf716cad62f75251370a5909a748dd744a Mon Sep 17 00:00:00 2001 From: Olivier Gayot Date: Thu, 19 Sep 2019 14:58:29 +0200 Subject: Do not return true from slurp() if it failed to read Failing to read() some data into the destination buffer from the slurp() function was not considered an error. This means that we were potentially leaving the caller with an uninitialized destination buffer without letting him know it's uninitialized. It is quite unlikely that a single call to read() would ever fail right after a successful call to open(..., O_RDONLY). However, one practical example of this happening is when the file being opened is actually a directory. Fixed by propagating the error (i.e. returning false from slurp()) if the call to read() fails. Signed-off-by: Olivier Gayot --- src/general.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/general.c') diff --git a/src/general.c b/src/general.c index 1b11bd8..ca6884b 100644 --- a/src/general.c +++ b/src/general.c @@ -27,7 +27,7 @@ bool slurp(const char *filename, char *destination, int size) { destination[n] = '\0'; (void)close(fd); - return true; + return n != -1; } /* -- cgit v1.2.3 From 49cf3d7edb0b53f83ffd9c137901a05446cfcad4 Mon Sep 17 00:00:00 2001 From: Olivier Gayot Date: Thu, 19 Sep 2019 15:36:00 +0200 Subject: Mention the return value of the slurp function and the implications Signed-off-by: Olivier Gayot --- src/general.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src/general.c') diff --git a/src/general.c b/src/general.c index ca6884b..e3d4f96 100644 --- a/src/general.c +++ b/src/general.c @@ -14,6 +14,9 @@ /* * Reads size bytes into the destination buffer from filename. * + * On success, true is returned. Otherwise, false is returned and the content + * of destination is left untouched. + * */ bool slurp(const char *filename, char *destination, int size) { int fd; -- cgit v1.2.3
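Review bot: in the first patch (4cf8bebf, "Do not return true from slurp() if it failed to read"), the context line `destination[n] = '\0';` directly above the changed return still runs when read() fails. The new `return n != -1;` tells us n can be -1 at that point, so the failure path writes a NUL byte at `destination[-1]`, one byte before the caller's buffer, before reporting the error. Suggest guarding the terminator as well, for example `if (n != -1) destination[n] = '\0';`, or returning false straight after the failed read (closing fd first) so the buffer is never indexed with a negative value.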
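Review bot: in the second patch (49cf3d7e, "Mention the return value of the slurp function and the implications"), the added sentence "the content of destination is left untouched" promises more than the code in the previous patch delivers. On a failed read() the visible context still executes `destination[n] = '\0';` with n equal to -1, so memory next to the buffer is modified, and the buffer itself may simply be uninitialized, as the first commit message says. Suggest either fixing that write first or wording the comment so callers know destination must not be used when false is returned. It would also help to document that destination is NUL-terminated on success, since callers rely on that.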