Safe coding practices (was Re: Bug in users command)

Norman Diamond diamond at jit345.swstokyo.dec.com
Fri Jan 25 13:19:29 AEST 1991


In article <22870 at well.sf.ca.us> Jef Poskanzer <jef at well.sf.ca.us> writes:
>In the referenced message, diamond at jit345.enet@tkou02.enet.dec.com (Norman Diamond) wrote:
>}In article <22855 at well.sf.ca.us> Jef Poskanzer <jef at well.sf.ca.us> writes:
>}>    #define MAXNAMES 1000
>}>    static char users[MAXNAMES][UT_NAMESIZE+1];
>}>    (void) strncpy( users[nusers], u.ut_name, UT_NAMESIZE );
>}>    users[nusers][UT_NAMESIZE] = '\0';
>}>And yes, this will fail if more than 1000 users are logged in at
>}>the same time.  Imagine how concerned I am.
>}
>}Uh, maybe equally concerned as ...
>
>Gosh, in ten years, if every trend in computer usage magically reverses
>itself, I'll get a message telling me to change the number from 1000 to
>10000.

Suppose someone starts logging NFS clients?  Or the clients of some other
service?  1000 would already be a bit small for that.

>Yes, it does check for overflow.

Uh, you mean that it doesn't abort on overflow, but only gives inaccurate
answers.  OK, so your example does about 1/4 of what a good example would do.

>Dan Bernstein's hack of reading utmp twice and allocating
>50 extra slots in case more users log in between the two is, when you
>come down to it, *no better*.  Just more complicated.  Worse, in fact,
>since he *doesn't* check for overflow.

If I had seen that posting, and if Mr. Bernstein had made some claim about
adequacy, and if I had the time, I would have criticized that too.  In fact,
if I had seen the posting, and given the hypocrisy that you attributed to
him (which I deleted, sorry), then it wouldn't matter if I had the time;
I'd've flamed him ;-) .  But I didn't see it, sorry.
--
Norman Diamond       diamond at tkov50.enet.dec.com
If this were the company's opinion, I wouldn't be allowed to post it.
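
The alternative the thread argues about, as an added example that is not code from any of the posters: a name table that grows on demand and reports failure to the caller, so the program never prints a silently incomplete list. The value 8 for UT_NAMESIZE and the names name_table, table_add and demo_fill are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define UT_NAMESIZE 8                 /* assumption: classic utmp name width */
typedef char user_name[UT_NAMESIZE + 1];
struct name_table {                   /* hypothetical helper type */
    user_name *names;
    size_t count, cap;
};

/* Append one ut_name field (no NUL when the name is full width).
 * Returns 0 on success, -1 if the table cannot grow; on failure the
 * table is unchanged, so the caller can report the error and stop. */
int table_add(struct name_table *t, const char *ut_name)
{
    if (t->count == t->cap) {
        size_t ncap = t->cap ? t->cap * 2 : 16;
        /* refuse growth whose element or byte count would wrap */
        if (ncap < t->cap || ncap > SIZE_MAX / sizeof(user_name))
            return -1;
        user_name *p = realloc(t->names, ncap * sizeof(user_name));
        if (p == NULL)
            return -1;
        t->names = p;
        t->cap = ncap;
    }
    strncpy(t->names[t->count], ut_name, UT_NAMESIZE);
    t->names[t->count][UT_NAMESIZE] = '\0';
    t->count++;
    return 0;
}

/* Constructed input: n synthetic full-width names ("u0000000", ...).
 * Returns n on success, 0 if any add failed or the last name is damaged. */
size_t demo_fill(size_t n)
{
    struct name_table t = {0};
    char tmp[UT_NAMESIZE + 1] = "";
    for (size_t i = 0; i < n; i++) {
        snprintf(tmp, sizeof tmp, "u%07zu", i);
        if (table_add(&t, tmp) != 0)
            break;
    }
    size_t kept = t.count;
    if (kept && strcmp(t.names[kept - 1], tmp) != 0)
        kept = 0;
    free(t.names);
    return kept;
}
```
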


