Xref: utzoo comp.bugs.4bsd:1668 comp.std.c:4185 comp.lang.c:35495 Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!zaphod.mps.ohio-state.edu!think.com!snorkelwacker.mit.edu!bloom-beacon!deccrl!news.crl.dec.com!shlump.nac.dec.com!tkou02.enet.dec.com!jit345!diamond From: diamond@jit345.swstokyo.dec.com (Norman Diamond) Newsgroups: comp.bugs.4bsd,comp.std.c,comp.lang.c Subject: Re: Safe coding practices (was Re: Bug in users command) Message-ID: <1991Jan25.021929.10512@tkou02.enet.dec.com> Date: 25 Jan 91 02:19:29 GMT References: <1991Jan24.060707.22566@tkou02.enet.dec.com> <22870@well.sf.ca.us> Sender: news@tkou02.enet.dec.com (USENET News System) Reply-To: diamond@jit345.enet@tkou02.enet.dec.com (Norman Diamond) Organization: Digital Equipment Corporation Japan , Tokyo Lines: 37 In article <22870@well.sf.ca.us> Jef Poskanzer writes: >In the referenced message, diamond@jit345.enet@tkou02.enet.dec.com (Norman Diamond) wrote: >}In article <22855@well.sf.ca.us> Jef Poskanzer writes: >}> #define MAXNAMES 1000 >}> static char users[MAXNAMES][UT_NAMESIZE+1]; >}> (void) strncpy( users[nusers], u.ut_name, UT_NAMESIZE ); >}> users[nusers][UT_NAMESIZE] = '\0'; >}>And yes, this will fail if more than 1000 users are logged in at >}>the same time. Imagine how concerned I am. >} >}Uh, maybe equally concerned as ... > >Gosh, in ten years, if every trend in computer usage magically reverses >itself, I'll get a message telling me to change the number from 1000 to >10000. Suppose someone starts logging NFS clients? Or the clients of some other service? 1000 would already be a bit small for that. >Yes, it does check for overflow. Uh, you mean that it doesn't abort on overflow, but only gives inaccurate answers. OK, so your example does about 1/4 of what a good example would do. >Dan Bernstein's hack of reading utmp twice and allocating >50 extra slots in case more users log in between the two is, when you >come down to it, *no better*. Just more complicated. Worse, in fact, >since he *doesn't* check for overflow. If I had seen that posting, and if Mr. Bernstein had made some claim about adequacy, and if I had the time, I would have criticized that too. In fact, if I had seen the posting, and given the hypocrisy that you attributed to him (which I deleted, sorry), then it wouldn't matter if I had the time; I'd've flamed him ;-) . But I didn't see it, sorry. -- Norman Diamond diamond@tkov50.enet.dec.com If this were the company's opinion, I wouldn't be allowed to post it.