Closed henrygab closed 3 months ago
You are welcome to add an entry to the CHANGELOG.md as well
I manually squashed to a single commit, to avoid having non-compiling commits in commit history (better for git bisect
)
OK,
the modification to use a more complex array length calculation for potential wrong calls to the old macro is unneeded.
The coverity scan and cppchecker picks up on those. We don't have those mistakes.
I would say you use your code out of habit, Please revert that addition.
Respectfully, I do not submit this change out of habit, but as a way to improve the continued stability of the codebase and the experience of contributors to the codebase.
Previously, it seemed you and I shared the desire to catch errors at the earliest possible time. Listing those times in what I believe is an agreed order of preference:
Here, if everything is fine, and all developers are perfect, the safer macro has no visible effect. If, however, someone makes a mistake, the safer macro calls it out at compilation time, and saves everyone time and effort (and frustration).
When it comes this particular project, it has three major parts.
When it comes to doing changes and adding things, here is the rules I have set down.
The client , we can do anything, as long as it compiles without any warnings and errors on all the multiple platforms and that of course doesn't break anything. No problem adding your modified ARRAYLEN.
ARM source code, here its timing critical and we don't have the luxury to add nice checks everywhere just because its nice coding pattern. Usually pre-setup code and post-execution code can be freely modified. The biggie is everything inside main loop of a function. It brews always down to "don't mess with things without very much testing" With testing, its physical cards, genuine readers, simulated devices, you name it.
You can argue as much as you want but anything in the ARM source code will be scrutinized and rejected.
For the fun of it , I tested this PR in my recent research into hitag2. I now have a harder time sniffing.
This means this PR is not going to be merged at all as is. It also very well describes this issue with fiddling in the ARM code.
Did you do any real tests with this PR?
With that said I have no issue with modifying the client. Go ahead, no problem at all.
Thank you for the additional clarity on how you see the split. I don't know that I agree with the characterization of preventing buffer overruns as "nice coding pattern", but I will respect your decision to prefer to leave the risky code "as-is". After all, the checks to prevent buffer overrun are inherently within the critical timing loops you refer to, so it will be impossible to prevent 2-4 CPU cycles for a test/jmp/increment. Moreover, I do not have many of the physical cards, nor any genuine readers, nor test with simulated devices. According, I will close this PR.