[MINC-development] warning from volume_io/alloc.h

[Claude LEPAGE]

Hi,

Security rules... I like this one:


EXP05-EX1: An exception to this recommendation is allowed when it is necessary to cast away const when invoking a legacy API that does not accept a const argument, provided the function does not attempt to modify the referenced variable. For example, the following code casts away the const qualification of INVFNAME in the call to the audit_log() function.

Is minc a "legacy" code? :-)

For the case of the FREE macro, I think it is safe to use const char *.
However, I'm not sure what would happen if we used const char * in
ParseArgv. Theoretically, those strings shouldn't be modified. 

Claude

>
> >#define  =5FALLOC=5FSOURCE=5FLINE    , (char*)=5F=5FFILE=5F=5F, =
> =5F=5FLINE=5F=5F
> >#define  =5FALLOC=5FSOURCE=5FLINE=5FARG=5FDEF   , char  filename[], int =
> line=5Fnumber
> >#define  =5FALLOC=5FSOURCE=5FLINE=5FARGUMENTS   , filename, line=5Fnumber
> >#define  PRINT=5FALLOC=5FSOURCE=5FLINE   \
> >         print=5Falloc=5Fsource=5Fline( filename, line=5Fnumber );
> >#endif
> >
> >
> >Note the cast (char*) on =5F=5FFILE=5F=5F, which is consistent with the 
> >definition on the next line char filename[]. By default, the compiler 
> >assumes const char * and writes out a warning. Unless we change
> >=5FALLOC=5FSOURCE=5FLINE=5FARG=5FDEF to const char filename[]...
>
> The latter sounds preferable.  Casting away const is a big enough code =
> smell to be listed in places like this:
>
> <https://www.securecoding.cert.org/confluence/display/seccode/EXP05-C.+Do+n=
> ot+cast+away+a+const+qualification>
>
> Cheers,
>
> -- 
> =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
> =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
> =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
> Sean McBride, B. Eng                 sean at rogue-research.com
> Rogue Research                        www.rogue-research.com 
> Mac Software Developer              Montr=E9al, Qu=E9bec, Canada
>
>