|
A short history lesson: this code (from exec.c) used to just be
write(...);
In 649d85b, an empty if block was added to placate _FORTIFY_SOURCE's
warn_unused_result:
if (write(...) != sizeof(error)) {
// ...
}
This is fine since the parent doesn't rely on receiving those writes
(e.g. the child could die before writing), and the small write to a pipe
won't fail anyway.
But when bfs_spawn() was created, the implementation changed to this:
while (write(...) < sizeof(error));
The while loop was presumably added to mirror musl's posix_spawn()
implementation, which handles EINTR. But musl's is actually correct:
while (write(...) < 0);
whereas mine has a subtle bug: since sizeof(error) is unsigned, the bfs
code did an unsigned comparison, meaning -1 from write() would *not*
restart the loop.
Fix it by comparing with 0 like musl, since short writes are impossible
here. Perhaps it's time for -Wsign-compare, despite the other 18
instances being false positives.
|