Eric S. Raymond esr at thyrsus.com
Sun Nov 22 04:42:04 UTC 2015

Hal Murray <hmurray at megapathdsl.net>:
> I ran into a bug in ntpq from NTP Classic 4.3.79.  A cleanup had changed an
> int to a size_t.  That broke an end test which turned into a SEGFAULT from a
> stack buffer overflow.  (I assume size_t is unsigned.)

That assumption is correct.  There is a corresponding standard signed
type ssize_t.

> The first observation is that a TESTFRAME would have caught this.  That 
> assumes we had captured an appropriate data set.  We should be sure to apply 
> TESTFRAME to other programs rather than just ntp, and we should try to 
> capture test data for every bug where it makes sense.

The second (capture test data for every bug where it makes sense) is already
in my goal set.  The first (apply TESTFRAME to other programs rather than just
ntp) is going to be tricky and I don't have a detailed technical plan for it
yet.  I'll look at this again after TESTFRAME lands.

> The next observation is that I don't know how to do arithmetic with mixed
> signed/unsigned types.  Or maybe I don't know how to do subtracts with
> unsigned.  Is there a good tutorial on this?  How much can the compiler help?

Sadly, I don't know of any good tutorials on this.  It is a swamp full
of razor blades for even very experienced C programmers.  If you have a
particular expression you want me to analyze I might be able to say
something useful.

> We don't get any compiler warnings.  Is that because our code is clean or 
> because we don't have enough flags turned on?

One of the first things I did after the fork point was clean up all warnings.
I'm a bit obsessive about that, having experienced too many situations where
serious errors got lost in the clutter.

We still build with -Wall, so the code really is clean that way. 
Eric S. Raymond <http://www.catb.org/~esr/>
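The failure class Hal describes (an end test that was correct for int but wraps once the length becomes size_t) and the mixed signed/unsigned comparison he asks about, as an added example that is not part of this thread and not ntpq's actual code. The loop bodies, function names and the `limit` cap are constructed for the demonstration; the flag behaviour noted in the comments is GCC's and Clang's for C.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical reconstruction (not ntpq's code) of the failure class Hal
 * describes: an end test correct for int goes wrong after an int -> size_t
 * cleanup, because "n - 1" wraps to SIZE_MAX instead of becoming -1. */

/* Iterations an int-typed end test performs for a length n. */
static long copies_with_int_test(int n)
{
    long count = 0;
    for (int i = 0; i <= n - 1; i++)   /* n == 0: 0 <= -1 is false, loop skipped */
        count++;
    return count;
}

/* Same test after the cleanup.  With n == 0 the bound is SIZE_MAX, so a real
 * copy loop would run far past its stack buffer; `limit` keeps the demo finite. */
static size_t copies_with_size_t_test(size_t n, size_t limit)
{
    size_t count = 0;
    for (size_t i = 0; i <= n - 1 && count < limit; i++)
        count++;
    return count;
}

/* Hardened form: compare without subtracting, so nothing can wrap. */
static size_t copies_with_safe_test(size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        count++;
    return count;
}

/* Mixed signed/unsigned comparison: the int is converted to size_t, so -1
 * becomes SIZE_MAX and "-1 < 5" is false.  -Wsign-compare (enabled by
 * -Wextra, not by -Wall, for C) flags this line; -Wall alone stays silent. */
static int negative_is_less_than(int signed_val, size_t unsigned_val)
{
    return signed_val < unsigned_val;
}

int main(void)
{
    printf("int test, n=0:    %ld iterations\n", copies_with_int_test(0));
    printf("size_t test, n=0: %zu iterations (capped)\n", copies_with_size_t_test(0, 1000));
    printf("safe test, n=0:   %zu iterations\n", copies_with_safe_test(0));
    printf("-1 < (size_t)5:   %d\n", negative_is_less_than(-1, 5));
    return 0;
}
```

Building with -Wextra (or -Wsign-compare and -Wsign-conversion explicitly) reports the mixed comparison at compile time, and -fsanitize=address turns the runtime overflow into an immediate report rather than a SEGFAULT some distance from the cause.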
