This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH 0/3] Fix wrong assumption about errno
On Fri, Dec 22, 2017 at 5:55 AM, Aurelien Jarno <aurelien@aurel32.net> wrote:
> On 2017-12-21 20:18, Zack Weinberg wrote:
>> Please reread what I said - it's subtler than that. The key point is
>> that there *are* functions in the GNU C Library that are guaranteed
>> *not* to set errno to a nonzero value unless they have actually
>> failed, such as strto*. It's well and good for the general discussion
>> of errno to talk about how *most* functions do not make this
>> guarantee, but they should not make it sound like *none* of them do,
>> and the specific documentation for the functions that do make that
>> guarantee should say so.
>
> This means that the remaining part of the section is also wrong:
>
> "..., and you should not use @code{errno} to determine @emph{whether} a
> call failed."
>
> I guess the correct way to fix that would be to define in-band and
> out-of-band error reporting like in the CERT coding rules. But that's a
> lot more job than just clarifying the existing section. In the meantime,
> what about the following text:
>
> | The initial value of @code{errno} at program startup is zero. Many
> | library functions are guaranteed to set it to certain non-zero values
> | when they encounter certain kinds of errors. These error conditions are
> | listed for each function. Some of these functions are guaranteed to set
> | @code{errno} only in case of failure, while some others might set it to a
> | non-zero value even after a successful call. In any case these functions
> | never set @code{errno} to zero. The proper way to check for error is
> | documented for each function.
Well, Carlos is right that it is _usually_ wrong to check errno to
decide if something failed. Maybe something in the middle:
| The initial value of @code{errno} at program startup is zero. In many
| cases, when a library function encounters an error, it will set
| @code{errno} to a non-zero value to indicate what specific error
| condition occurred. The documentation for each function lists the
| error conditions that are possible for that function. Not all library
| functions use this mechanism; some return an error code directly,
| instead.
|
| @strong{Warning:} Many library functions may set @code{errno} to some
| meaningless non-zero value even if they did not encounter any errors,
| and even if they return error codes directly. Therefore, it is
| usually incorrect to check @emph{whether} an error occurred by
| inspecting the value of @code{errno}. The proper way to check for
| error is documented for each function.
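
The distinction discussed in this thread, as an added example that is not part of the original messages and is not glibc code: `strtol` stores a non-zero `errno` only when it actually fails, so clearing `errno` before the call makes it a reliable failure signal, whereas inspecting `errno` without clearing it picks up stale values. The helper names `parse_long` and `naive_parse_failed` are hypothetical.

```c
#include <errno.h>
#include <stdlib.h>

/* Hypothetical helper: parse a base-10 long.
   Returns 0 on success, or an errno-style code on failure. */
int parse_long(const char *s, long *out)
{
    char *end;
    int saved = errno;      /* preserve whatever the caller had in errno */

    errno = 0;              /* library functions never store zero themselves */
    long v = strtol(s, &end, 10);
    int err = errno;        /* non-zero here means strtol itself failed */
    errno = saved;

    if (end == s)           /* no digits were consumed */
        return EINVAL;
    if (err != 0)           /* e.g. ERANGE: the clamped return value alone
                               cannot be told apart from a valid extreme */
        return err;
    if (*end != '\0')       /* trailing characters after the number */
        return EINVAL;

    *out = v;
    return 0;
}

/* The anti-pattern the proposed warning describes: deciding whether a
   call failed from errno alone, without clearing it first. Returns 1
   when it believes the parse failed. */
int naive_parse_failed(const char *s, long *out)
{
    *out = strtol(s, NULL, 10);
    return errno != 0;      /* a stale value from earlier code leaks in */
}
```
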