by astrobe_ 1835 days ago
The whole paragraph:

> Avoid arbitrary limits on the length or number of any data structure, including file names, lines, files, and symbols, by allocating all data structures dynamically. In most Unix utilities, “long lines are silently truncated”. This is not acceptable in a GNU utility.

... goes against MISRA C, which is certainly preferable in the domain I work in, embedded systems, because dynamic allocations all over the place are a recipe for CVEs.


GNU is about making software for the end-user; that's the opposite of what MISRA is about.
https://www.cvedetails.com/vulnerability-list/vendor_id-72/G...

A significant number of these CVEs are related to dynamic memory allocation (double-free, use-after-free).

Probably not all are the result of that piece of advice, and probably some of those memory allocations were necessary, but since this class of errors is common in C/C++, I believe it is really not a good idea to encourage people to point the gun right at their feet.

On a side note, please explain to me how this is end-user oriented in a system where the convention is that a program ends silently when everything went smoothly:

> In error checks that detect “impossible” conditions, just abort. There is usually no point in printing any message [...] Explain the problem with comments in the source.
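One way the two positions in this thread can be reconciled, added here as an illustration and not code from the thread, from GNU or from any MISRA source: a fixed-capacity line reader in C that uses no heap allocation at all (the MISRA concern) but refuses an over-long line with an explicit status instead of silently truncating it (the GNU objection). The function names, the 16-byte buffer and the input string are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Outcome of reading one line; the caller always learns whether it fit. */
typedef enum { LINE_OK = 0, LINE_TOO_LONG = 1, LINE_END = 2 } line_status;

/* Copy the next '\n'-terminated line of in[*pos..in_len) into out, which
 * holds cap bytes. A line longer than cap-1 bytes is rejected and skipped
 * whole, never cut short, so the caller can report it. Only caller-supplied
 * storage is used: no malloc anywhere. (Hypothetical helper for the example.) */
line_status next_line(const char *in, size_t in_len, size_t *pos,
                      char *out, size_t cap)
{
    size_t start = *pos;
    size_t end = start;
    if (cap > 0U) { out[0] = '\0'; }          /* out is always a valid string */
    if (start >= in_len) { return LINE_END; }
    while ((end < in_len) && (in[end] != '\n')) { end++; }
    *pos = (end < in_len) ? (end + 1U) : end; /* skip the line, fit or not */
    if ((cap == 0U) || ((end - start) > (cap - 1U))) { return LINE_TOO_LONG; }
    memcpy(out, &in[start], end - start);
    out[end - start] = '\0';
    return LINE_OK;
}

int main(void)
{
    /* Constructed input: a short line, a 40-byte line, an unterminated line. */
    const char *in = "short\naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\nlast";
    char buf[16];
    size_t pos = 0U;
    line_status st;
    while ((st = next_line(in, strlen(in), &pos, buf, sizeof buf)) != LINE_END) {
        printf("%-8s \"%s\"\n", (st == LINE_OK) ? "ok" : "too long", buf);
    }
    return 0;
}
```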

If everything went smoothly, the program likely had some useful output (e.g. grep, awk, sed). If it failed, then I'd just run `coredumpctl gdb`? (And... abort isn't silent? Here's what I get if something aborts here: https://imgur.com/a/69eF73w)