Silent reverting of my changes to libdebian-installer

To: debian-boot@lists.debian.org, Bastian Blank <waldi@debian.org>
Subject: Silent reverting of my changes to libdebian-installer
From: Colin Watson <cjwatson@debian.org>
Date: Mon, 3 Nov 2008 13:34:10 +0000
Message-id: <[🔎] 20081103133410.GI4735@riva.ucam.org>
Mail-followup-to: debian-boot@lists.debian.org, Bastian Blank <waldi@debian.org>

In libdebian-installer 0.60, I made the following change (r55491):

  * Appease the combination of _FORTIFY_SOURCE=2 (used by default on Ubuntu)
    and -Werror. Why exactly glibc demands that fwrite be checked but not
    fputs is beyond me.

In libdebian-installer 0.61, Bastian Blank made the following change
(r56169):

  * Remove workarounds for ignored errors.

... which simply reverts my change. Because as far as I can tell nobody
had the basic courtesy to mail me about this, I didn't notice until
today.

Funnily enough, I didn't make that change to annoy people; I made it
because I needed it, and I committed it to upstream d-i because it was
harmless and there was no point in introducing divergence between Debian
and Ubuntu for something harmless to Debian. (People criticise me enough
for the cases that *are* currently necessary that I'd rather keep
divergence to a minimum, which I thought was a goal everyone could
happily agree with and certainly one I am currently working towards; in
this case the change seemed uncomplicated and it was my judgement that
it was unlikely to cause offence, so I didn't feel I needed to waste
people's time by mailing it to the list. Furthermore I'm in libd-i's
Uploaders and as far as I know nobody has objected to that!)

Bastian's claim that the error is ignored is wrong in one of the two
cases; my pipe change does not ignore the error.

I think my change should be reinstated because:

  * Even though my fwrite change has no functional effect, it documents
    that the error is known and ignored for the time being, which is
    worthwhile and generally good practice. It happens to do so in such
    a way as to appease -D_FORTIFY_SOURCE=2 -Werror, which I don't think
    is harmful (note that this is not the thin end of the wedge; this
    set of libd-i changes was the only set of changes I had to make to
    all of d-i for this, although that may well be because -Werror is
    not used universally). I can probably arrange to wrap it in a macro
    for readability if you'd prefer that.

    Note that this is a real and not insignificant bug; if you run out
    of memory, di_parser_rfc822_write_file may silently truncate the
    file it's writing. This is surely worth a FIXME comment or two even
    if they aren't pretty.

  * My pipe change in internal_di_exec has a real functional effect: it
    causes internal_di_exec to fail if pipe fails, rather than merrily
    carrying on as if nothing had happened. The code as reverted is
    simply wrong even if the compiler flags in use by default in Debian
    don't notice it. pipe can fail for slightly unlikely but quite
    possible reasons (e.g. running out of per-process file descriptors),
    and in the event that that happens then internal_di_exec shouldn't
    just carry on.

Perhaps I should have written more about this in my changelog comment,
but I thought it would be obvious that compiler warnings (converted to
errors by -Werror) often indicate real bugs.

I'm quite happy to have a civilised discussion about these changes;
circumstances beyond my control force me to carry some kind of fix for
-D_FORTIFY_SOURCE=2 -Werror compilation in Ubuntu regardless, but that
doesn't mean that their form is fixed. I really object to this practice
of backing out changes without comment though.

The patch content of r55491 is attached to this mail.

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

Index: debian/changelog
===================================================================
--- debian/changelog	(revision 55490)
+++ debian/changelog	(revision 55491)
@@ -2,6 +2,9 @@ libdebian-installer (0.60) UNRELEASED; urgency=low
 
   * Remove incorrect unused attribute from di_packages_parser_read_name's
     user_data parameter.
+  * Appease the combination of _FORTIFY_SOURCE=2 (used by default on Ubuntu)
+    and -Werror. Why exactly glibc demands that fwrite be checked but not
+    fputs is beyond me.
 
  -- Colin Watson <cjwatson@debian.org>  Mon, 01 Sep 2008 23:50:02 +0100
 
Index: src/parser_rfc822.c
===================================================================
--- src/parser_rfc822.c	(revision 55490)
+++ src/parser_rfc822.c	(revision 55491)
@@ -244,9 +244,15 @@ cleanup:
 static void callback (const di_rstring *field, const di_rstring *value, void *data)
 {
   FILE *f = data;
-  fwrite (field->string, field->size, 1, f);
+  if (fwrite (field->string, field->size, 1, f) < 1)
+  {
+    /* FIXME: can't handle write errors, but appease _FORTIFY_SOURCE=2 */
+  }
   fputs (": ", f);
-  fwrite (value->string, value->size, 1, f);
+  if (fwrite (value->string, value->size, 1, f) < 1)
+  {
+    /* FIXME: can't handle write errors, but appease _FORTIFY_SOURCE=2 */
+  }
   fputs ("\n", f);
 }
 
Index: src/exec.c
===================================================================
--- src/exec.c	(revision 55490)
+++ src/exec.c	(revision 55491)
@@ -60,7 +60,19 @@ static int internal_di_exec (const char *path, boo
   }
 
   for (i = 0; i < pipes; i++)
-    pipe (&fds[i * 2]);
+  {
+    if (pipe (&fds[i * 2]) < 0)
+    {
+      int j;
+      di_log (DI_LOG_LEVEL_WARNING, "pipe failed");
+      for (j = 0; j < i; j++)
+      {
+        close (fds[i * 2]);
+        close (fds[i * 2 + 1]);
+      }
+      return -1;
+    }
+  }
 
   pid = fork ();

Reply to:

Prev by Date: Bug#504381: rootskel: noshell boot option for unattended installations
Next by Date: Bug#504397: ext2_or_ext3_boot check fails when /boot is RAID
Previous by thread: Re: Sparc d-i terminal weirdness?
Next by thread: Bug#504397: ext2_or_ext3_boot check fails when /boot is RAID
Index(es):
- Date
- Thread