fix readlink/readlinkat to return too long only when it is long #1109
Conversation
|
I'm afraid I don't understand the problem. Could you please be more clear? Give a complete example demonstrating the wrong behavior, and what you think the correct behavior should be. |
Oops sorry! Let me try to clarify. Consider the following folder structure With nix when we try to let src = "/tmp/target";
let dest = "tmp/target/test-dir";It works correctly when we pass in a buffer that is bigger than the src length let mut buf = vec![0; src.len() + 1];
println!("{}", str::from_utf8(&buf).unwrap()); // prints "/tmp/target"Actual: But when we pass in a buffer that is smaller than the let mut buf = vec![0; src.len()]; // returns `ENAMETOOLONG` Expected: Instead it should truncate the contents (to a length of buffer size), in case the buffer is too small to hold all of the contents. - from here |
|
Truncating the result is what readlink(2) does. But Nix is supposed to be safe and easy to use; we don't want to truncate any results. Perhaps |
That makes sense. I agree but this means we should always send in a buffer that is greater than the required size or if not it fails. We should at least allow the buffer to have the same size as that of the required result. What do you think?
Can we return EINVAL instead of ENAMETOOLONG? |
No, that would have the same problem. The problem with both of those error codes is that they overload errors used by the OS. Better to use our own error type. Better yet would be to never return an error. How about changing that function to allocate its storage internally and return an fn readlink<P: ...>(path: P) -> Result<OsString> {
let v = Vec::with_capacity(libc::PATH_MAX);
let r = libc::readlink(..., v.as_mut_ptr() as *mut c_char, v.capacity());
if let Ok(len) = Errno::result(r) {
unsafe { v.set_len(len) };
OsString::from_vec(v)
} else {
/* error handling */
}
} |
|
@asomers That is a good idea. I updated the code to reflect your suggested changes. |
CHANGELOG.md
Outdated
| @@ -6,6 +6,8 @@ This project adheres to [Semantic Versioning](http://semver.org/). | |||
| ## [Unreleased] - ReleaseDate | |||
| ### Added | |||
| ### Changed | |||
| - Changed `readlink` and `readlinkat` to return `osString` | |||
There was a problem hiding this comment.
The first letter of OsString should be capitalized. Also, since this change is backwards incompatible it would be courteous to our users to explain how to convert their existing code.
src/fcntl.rs
Outdated
| } | ||
| } | ||
| } | ||
|
|
||
| pub fn readlink<'a, P: ?Sized + NixPath>(path: &P, buffer: &'a mut [u8]) -> Result<&'a OsStr> { | ||
| pub fn readlink<'a, P: ?Sized + NixPath>(path: &P) -> Result<OsString> { | ||
| let mut v = vec![0u8; libc::PATH_MAX as usize]; |
There was a problem hiding this comment.
No need to zero initialize. You can use an uninitialized vec instead.
src/fcntl.rs
Outdated
| })?; | ||
|
|
||
| wrap_readlink_result(buffer, res) | ||
|
|
| ([#1109](https://github.com/nix-rust/nix/pull/1109)) | ||
|
|
There was a problem hiding this comment.
This example isn't going to mean much to a reader. I'm thinking something in English, like "the buffer argument of readlink and readlinkat has been removed, and the return value is now an owned type. Existing code can be updated by removing the buffer argument and removing any clone or similar operation on the output."
src/fcntl.rs
Outdated
| let res = path.with_nix_path(|cstr| { | ||
| unsafe { libc::readlink(cstr.as_ptr(), v.as_mut_ptr() as *mut c_char, v.len() as size_t) } | ||
| unsafe { libc::readlink(cstr.as_ptr(), v.as_mut_ptr() as *mut c_char, len as size_t) } |
There was a problem hiding this comment.
You seem to be unaware of the capacity method. You should write it like this:
let mut v = Vec::with_capacity(libc::PATH_MAX as usize);
let res = path.with_nix_path(|cstr| {
unsafe { libc::readlink(cstr.as_ptr(), v.as_mut_ptr() as *mut c_char, v.capacity() as size_t) }
CHANGELOG.md
Outdated
| @@ -12,8 +12,16 @@ This project adheres to [Semantic Versioning](http://semver.org/). | |||
| ```rust | |||
| use nix::fcntl::{readlink, readlinkat}; | |||
There was a problem hiding this comment.
This line isn't important to readers. You can suppress it with a leading #, and delete the following blank line.
CHANGELOG.md
Outdated
| // and removing any clone or similar operation on the output | ||
|
|
||
| // old code `readlink(&path, &mut buf)` can be replaced with the following | ||
| readlink(&path); // this returns OsString |
There was a problem hiding this comment.
The code would be more self-documenting like this:
let _: OsString = readlink(&path);
1109: fix readlink/readlinkat to return too long only when it is long r=asomers a=sendilkumarn
Currently readlink returns `ENAMETOOLONG` when the bufferSize is equal to the result size.
Consider the below case
```c++
int main(int argc, const char * argv[]) {
std::string filename = "/tmp/test-dir/target";
size_t bufferSize = 9;
char* buffer = new char[bufferSize];
size_t rc = readlink (filename.c_str(), buffer, bufferSize);
// Since `readlink's` output depends on the `bufferSize`. If the`bufferSize` is 9 or greater than
// 9 then it will return 9 or else it will return `bufferSize` as the value of `rc`.
return 0;
}
```
Co-authored-by: Sendil Kumar <sendilkumarn@live.com>
Co-authored-by: Sendil Kumar N <sendilkumarn@live.com>
Build succeeded
|
Currently readlink returns
ENAMETOOLONGwhen the bufferSize is equal to the result size.Consider the below case