Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

Real Programmers think better when playing Adventure or Rogue.

devel / comp.std.c / deprecated ungetc at the beginning of a binary file

SubjectAuthor
o deprecated ungetc at the beginning of a binary fileVincent Lefevre

1
deprecated ungetc at the beginning of a binary file

<20210914132213$3e29@zira.vinc17.org>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=322&group=comp.std.c#322

  copy link   Newsgroups: comp.std.c
Path: i2pn2.org!i2pn.org!aioe.org!4JUmjLgy+Wx+kwpjMvj36w.user.46.165.242.75.POSTED!not-for-mail
From: vincent-...@vinc17.net (Vincent Lefevre)
Newsgroups: comp.std.c
Subject: deprecated ungetc at the beginning of a binary file
Date: Tue, 14 Sep 2021 13:44:29 -0000 (UTC)
Organization: a training zoo
Message-ID: <20210914132213$3e29@zira.vinc17.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Info: gioia.aioe.org; logging-data="63725"; posting-host="4JUmjLgy+Wx+kwpjMvj36w.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
User-Agent: tin/2.6.0-20210823 ("Coleburn") (Linux/5.10.0-8-amd64 (x86_64))
X-Notice: Filtered by postfilter v. 0.9.2
 by: Vincent Lefevre - Tue, 14 Sep 2021 13:44 UTC

I can see since C99 (at least):

[Foreword]
deprecate ungetc at the beginning of a binary file

[Future library directions]
The use of ungetc on a binary stream where the file position
indicator is zero prior to the call is an obsolescent feature.

Dropping this feature is a bad idea and is likely to introduce
subtle bugs (possibly security issues) in software, which includes
GNU MPFR in mpfr_inp_str, for instance if some binary stream is
redirected to /dev/null (most streams are probably text streams,
but this is not controlled by libraries like MPFR).

Indeed, in practice, one may wish to handle EOF and other error
conditions after calling ungetc, which is currently safe, since
the standard says for EOF:

If the value of c equals that of the macro EOF, the operation fails
and the input stream is unchanged.

Code could easily be fixed by changing

ungetc (c, stream);

to

if (c != EOF)
ungetc (c, stream);

But why changing something that makes sense to undefined behavior,
probably without any benefit (no performance issues...)?

Shouldn't the C language tend to more safety?

--
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor