execve.2, pipe.2, tee.2, fmemopen.3, mq_notify.3, qsort.3: Replace use of assert() by code that checks argc

See http://bugzilla.kernel.org/show_bug.cgi?id=13569 As noted by Andrey: The purpose of the assert macro, defined in <assert.h>, is to provide a tool to check for programming mistakes or program logic errors. However, the assert macro must never be used to perform checks for run time errors, since, with the NDEBUG macro defined, expressions within the assert macro invocations are not evaluated/checked for, resulting in behavior that was not originally intended. ... The pages affected in the core package are execve(2) pipe(2) tee(2) fmemopen(3) mq_notify(3) qsort(3) Reported-by: Andrey Vihrov <vihrov@gmail.com> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2009-09-15 06:46:16 +02:00 · 2009-09-15 06:46:16 +02:00 · 6b34fb3f5a
parent ed35aae690
commit 6b34fb3f5a
6 changed files with 30 additions and 18 deletions
--- a/man2/execve.2
+++ b/man2/execve.2
@ -34,7 +34,7 @@
 .\" 2007-09-14 Ollie Wild <aaw@google.com>, mtk
 .\"     Add text describing limits on command-line arguments + environment
 .\"
-.TH EXECVE 2 2009-04-21 "Linux" "Linux Programmer's Manual"
+.TH EXECVE 2 2009-09-15 "Linux" "Linux Programmer's Manual"
 .SH NAME
 execve \- execute program
 .SH SYNOPSIS
@ -555,7 +555,6 @@ argument:
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
-#include <assert.h>

 int
 main(int argc, char *argv[])
@ -563,8 +562,11 @@ main(int argc, char *argv[])
    char *newargv[] = { NULL, "hello", "world", NULL };
    char *newenviron[] = { NULL };

-    assert(argc == 2);  /* argv[1] identifies
-                           program to exec */
+    if (argc != 2) {
+	fprintf(stderr, "Usage: %s <file-to-exec>\\n", argv[0]);
+	exit(EXIT_FAILURE);
+    }
+
    newargv[0] = argv[1];

    execve(argv[1], newargv, newenviron);
--- a/man2/pipe.2
+++ b/man2/pipe.2
@ -33,7 +33,7 @@
 .\"     to EXAMPLE text.
 .\" 2008-10-10, mtk: add description of pipe2()
 .\"
-.TH PIPE 2 2008-11-04 "Linux" "Linux Programmer's Manual"
+.TH PIPE 2 2009-09-15 "Linux" "Linux Programmer's Manual"
 .SH NAME
 pipe, pipe2 \- create pipe
 .SH SYNOPSIS
@ -139,7 +139,6 @@ and echoes it on standard output.
 .nf

 #include <sys/wait.h>
-#include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
@ -152,7 +151,10 @@ main(int argc, char *argv[])
    pid_t cpid;
    char buf;

-    assert(argc == 2);
+    if (argc != 2) {
+	fprintf(stderr, "Usage: %s <string>\\n", argv[0]);
+	exit(EXIT_FAILURE);
+    }

    if (pipe(pipefd) == \-1) {
        perror("pipe");
--- a/man2/tee.2
+++ b/man2/tee.2
@ -139,7 +139,6 @@ system call.
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
-#include <assert.h>
 #include <errno.h>
 #include <limits.h>

@ -149,7 +148,10 @@ main(int argc, char *argv[])
    int fd;
    int len, slen;

-    assert(argc == 2);
+    if (argc != 2) {
+	fprintf(stderr, "Usage: %s <file>\\n", argv[0]);
+	exit(EXIT_FAILURE);
+    }

    fd = open(argv[1], O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd == \-1) {
--- a/man3/fmemopen.3
+++ b/man3/fmemopen.3
@ -3,7 +3,7 @@
 .\" Distributed under the GPL.
 .\" 2008-12-04, Petr Baudis <pasky@suse.cz>: Document open_wmemstream()
 .\"
-.TH FMEMOPEN 3 2009-04-21 "GNU" "Linux Programmer's Manual"
+.TH FMEMOPEN 3 2009-09-15 "GNU" "Linux Programmer's Manual"
 .SH NAME
 fmemopen, open_memstream, open_wmemstream \-  open memory as stream
 .SH SYNOPSIS
@ -206,7 +206,6 @@ size=11; ptr=1 529 1849
 \&
 .nf
 #define _GNU_SOURCE
-#include <assert.h>
 #include <string.h>
 #include <stdio.h>
 #include <stdlib.h>
@ -222,7 +221,10 @@ main(int argc, char *argv[])
    size_t size;
    char *ptr;

-    assert(argc == 2);
+    if (argc != 2) {
+	fprintf(stderr, "Usage: %s <file>\\n", argv[0]);
+	exit(EXIT_FAILURE);
+    }

    in = fmemopen(argv[1], strlen(argv[1]), "r");
    if (in == NULL)
--- a/man3/mq_notify.3
+++ b/man3/mq_notify.3
@ -23,7 +23,7 @@
 .\" Formatted or processed versions of this manual, if unaccompanied by
 .\" the source, must acknowledge the copyright and authors of this work.
 .\"
-.TH MQ_NOTIFY 3 2009-03-31 "Linux" "Linux Programmer's Manual"
+.TH MQ_NOTIFY 3 2009-09-15 "Linux" "Linux Programmer's Manual"
 .SH NAME
 mq_notify \- register for notification when a message is available
 .SH SYNOPSIS
@ -215,7 +215,6 @@ queue and then terminates the process.

 #include <pthread.h>
 #include <mqueue.h>
-#include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
@ -254,7 +253,10 @@ main(int argc, char *argv[])
    mqd_t mqdes;
    struct sigevent not;

-    assert(argc == 2);
+    if (argc != 2) {
+	fprintf(stderr, "Usage: %s <mq-name>\\n", argv[0]);
+	exit(EXIT_FAILURE);
+    }

    mqdes = mq_open(argv[1], O_RDONLY);
    if (mqdes == (mqd_t) \-1)
--- a/man3/qsort.3
+++ b/man3/qsort.3
@ -31,7 +31,7 @@
 .\"
 .\" FIXME glibc 2.8 added qsort_r(), which needs to be documented.
 .\"
-.TH QSORT 3 2009-02-01 "" "Linux Programmer's Manual"
+.TH QSORT 3 2009-09-15 "" "Linux Programmer's Manual"
 .SH NAME
 qsort \- sorts an array
 .SH SYNOPSIS
@ -85,7 +85,6 @@ which sorts the strings given in its command-line arguments:
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>

 static int
 cmpstringp(const void *p1, const void *p2)
@ -102,7 +101,10 @@ main(int argc, char *argv[])
 {
    int j;

-    assert(argc > 1);
+    if (argc < 2) {
+	fprintf(stderr, "Usage: %s <string>...\\n", argv[0]);
+	exit(EXIT_FAILURE);
+    }

    qsort(&argv[1], argc \- 1, sizeof(char *), cmpstringp);