Hi Carl,
>>>>> "Carl" == Carl Worth <cworth@cworth.org> writes:
Carl> On Mon, 23 Nov 2009 08:21:50 +0200, Dirk-Jan C. Binnema <djcb.bulk@gmail.com> wrote:
>> -#define prompt(format, ...) \
>> - do { \
>> - printf (format, ##__VA_ARGS__); \
>> - fflush (stdout); \
>> - getline (&response, &response_size, stdin); \
>> - chomp_newline (response); \
>> +#define prompt(format, ...) \
>> + do { \
>> + int ignored; \
>> + printf (format, ##__VA_ARGS__); \
>> + fflush (stdout); \
>> + ignored = getline (&response, &response_size, stdin); \
>> + chomp_newline (response); \
>> } while (0)
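Review bot: The added "ignored = getline (...)" line stores the result and never tests it, so when getline returns -1 (EOF or error) the following "chomp_newline (response)" still runs on a buffer that getline did not fill. Test the result before calling chomp_newline and handle the failure case rather than discarding it. As a smaller point, getline returns ssize_t, so "int ignored" is the wrong type for it.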
Carl> This patch is incorrect. Ignoring the return value of getline results in
Carl> the program invoking undefined behavior by reading uninitialized
Carl> memory. This is easily tested by, for example, typing Control-D to
Carl> provide EOF to a prompt from "notmuch setup".
Carl> How about just exiting in case of EOF as in the patch below?
Sure, that's the better solution, but note that my patch did not introduce the
undefined behavior -- it was there before. I was trying a minimal patch to
silence the warning. Note that prompt seems to leak a bit, even after the
committed patch; attached are two more micro patches to fix this and another
small leak. I try to do minimal changes, but the prompt business gets a bit
unwieldy. The leaks are one-time and not critical, but anyway it's always good
to stay vigilant.
Best wishes,
Dirk.
--
Dirk-Jan C. Binnema Helsinki, Finland
e:djcb@djcbsoftware.nl w:www.djcbsoftware.nl
pgp: D09C E664 897D 7D39 5047 A178 E96A C7A1 017D DA3C