did you know that you submit to google android gerrit by giving git a pre-generated cookie jar(?!) and guessing which one of 22 branches designated aml_ads_341826060/aml_ads_341826300/aml_art_341810020/aml_ase_341810000/&c. you can submit for https://android-review.googlesource.com/c/platform/packages/modules/DnsResolver/+/3640810
for anyone following along at home this is asprintf(&data_points[count].name, "%s[%d]:", dict.key[i], n);
you should set [vendor.]rild.libargs="a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a " if you want to have a good time https://android-review.googlesource.com/c/platform/hardware/ril/+/3643206
@nabijaczleweli you're supposed to submit to android-latest-release or main btw.
@luk1337 the gerrit suggestion in the submission instructions on the blank dashboard was just the aml_* ones but this makes more sense, thanks
@nabijaczleweli whyyyyy is everything http ipv ssh? That’s insane.
Oh, right. Google.
@nabijaczleweli the git cookie thing is somewhat standard; useful when you don't want to deal with exposing bare ssh from your gerrit host
@implr i mean, it makes sense as a PSK delivery mechanism (though idk why you wouldn't be using HTTP auth since it already prompts for it), but i've never seen git (being capable of) using cookies at all so I'm kinda wondering where you've seen it deployed before
@nabijaczleweli sizeof(10)
?
I don’t know if I should go from eyebrow-rising to laugh or cry.
@lanodan @nabijaczleweli with someone later putting strlcpy and sizeof on top because insecure!!! but didn’t know how to actually write the secure version
(isn’t sizeof(10)
just 4 or so?)
@mirabilos @nabijaczleweli Should be the same as int
at least, only case it can end up being equivalent to long
is if it doesn't fits into unsigned int
apparently.
@lanodan @nabijaczleweli yeah, hence 4. Not 10.
@mirabilos @nabijaczleweli Yeah, just prefer to never assume the size of int
(IIRC it needs to be at least a certain size per POSIX, no idea for ISO C).
In any case, that code is absolutely horrible.
@lanodan @mirabilos only found by clang with "sprintf always truncated (4-byte destination, 5-byte minimum size)" warning! and I think these analyses are relatively fresh (and you sure as fuck don't get them on a full android build). one weeps for what bullshit's in there that /isn't/ caught by my heuristic-du-jour
btw there's some more in-and-around these, but both of them reduce to 1 line (cw gore):
https://review.lineageos.org/c/LineageOS/android_vendor_qcom_opensource_dataservices/+/431741
https://review.lineageos.org/c/LineageOS/android_vendor_qcom_opensource_dataservices/+/431742
https://review.lineageos.org/c/LineageOS/android_vendor_qcom_opensource_dataservices/+/431743
https://review.lineageos.org/c/LineageOS/android_vendor_qcom_opensource_dataservices/+/431746
@lanodan @nabijaczleweli hey but at least AI will have been trained on this pattern, as an upside
@lanodan if you wanna have a bad time you can try building your favourite program of sufficient size with clang trunk :) new horrors drop every like 6-10 months
@nabijaczleweli Well I already run gentoo so I've seen my fair share of weird to scary compiler warnings, even without a bleeding-edge compiler.
And I tend run scan-build on software I work on.
@nabijaczleweli so nice you check it twice