[dns-operations] Robert Graham - A Quick Review of the BIND9 Code.

Jim Popovitch jimpop at gmail.com
Thu Jul 30 18:04:08 UTC 2015

On Thu, Jul 30, 2015 at 1:56 PM, Jim Popovitch <jimpop at gmail.com> wrote:
> On Thu, Jul 30, 2015 at 1:55 PM, Jim Popovitch <jimpop at gmail.com> wrote:
>> On Thu, Jul 30, 2015 at 1:43 PM, Paul Vixie <paul at redbarn.org> wrote:
>>> Roland Dobbins wrote:
>>>> <http://blog.erratasec.com/2015/07/a-quick-review-of-bind9-code.html>
>>> he's completely right about the const problems in that code base. const
>>> is in C what constraints are in SQL-- more is better.
>>> he's completely wrong about turning off assertions in production-compiled code, and in his comments about the performance requirements.
>>> i disagree, stylistically, with his recommendation never to use strcpy, especially when the alternative chosen is often strlcpy, which permits undetected truncation. in his example, the compiler should have flagged the size_t to unsigned int conversion coming out of strlen.
>>> does anyone know of a linter or compiler that can detect opportunities
>>> to add 'const'?
>> IIRC,  gcc -02 level optimization will auto add consts if it detects constants.
> Look here:  https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html
> search for "-fipa-cp"

BTW, while I do respect @ErrataRob, the important take away from this
is that just looking at code is not a 100% clear picture.  You have to
know the compile options&optimizations, the linking
options&optimizations, build environments, and even deployment

-Jim P.

More information about the dns-operations mailing list