The POSIX standards specify that the open() and openat() functions
technically return -1, not EOF, on failure -- even though most (perhaps
all) systems define EOF to be -1!
Coverity Scan (https://scan.coverity.com/projects/trader) complains that
a high-impact defect is present in the scramble() function: "String not
null terminated" -- even though b64encode() does give a NUL-terminated
buffer.
Checking the presence of the traditional data directory using stat()
leads to a time-of-check / time-of-use bug by the time it is possibly
created using xmkdir(). Use file descriptors and openat() to work around
this problem.
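
The stat()-then-xmkdir() race described above can be closed along the following lines. This is an added example, not code from the trader source: open_data_dir(), create_in_dir() and the directory name are hypothetical, and the ownership check is an assumed policy.

```c
#define _XOPEN_SOURCE 700   /* for openat(), mkdirat(), O_NOFOLLOW */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: return a descriptor for directory "name" under
   parent_fd, creating it if absent; -1 with errno set on failure. */
int open_data_dir(int parent_fd, const char *name)
{
    struct stat sb;
    int fd;
    /* No stat() first: try to create and let the kernel decide atomically.
       EEXIST only says that some object already has this name. */
    if (mkdirat(parent_fd, name, S_IRWXU) == -1 && errno != EEXIST)
        return -1;

    /* O_DIRECTORY refuses non-directories; O_NOFOLLOW refuses a symbolic
       link planted under the name between the two calls. */
    fd = openat(parent_fd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd == -1)
        return -1;

    /* Inspect the object actually opened, not the pathname (assumed policy:
       the directory must belong to the effective user). */
    if (fstat(fd, &sb) == -1 || !S_ISDIR(sb.st_mode) || sb.st_uid != geteuid()) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}

/* Create a new file relative to the verified descriptor, so renaming or
   replacing the directory's path afterwards cannot redirect the write. */
int create_in_dir(int dir_fd, const char *file)
{
    return openat(dir_fd, file, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC,
                  S_IRUSR | S_IWUSR);
}

int main(void)
{
    int dir = open_data_dir(AT_FDCWD, "example-data-dir"); /* constructed name */
    if (dir == -1) { perror("open_data_dir"); return 1; }
    printf("directory opened as descriptor %d\n", dir);
    return close(dir) == -1;
}
```
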
The reStructuredText (ReST) format is still quite readable as raw text,
and is much more capable than the myriad all-slightly-incompatible
variants of Markdown.
Also work around buggy implementations of strfmon() that do not copy
complete multibyte sequences that may be part of a locale's
mon_thousands_sep, thousands_sep, mon_decimal_point or decimal_point.
Current and previous versions of ISO/IEC 9945-1 (POSIX), particularly SUSv3
(2001) and SUSv4 (2008), require strfmon() to return rather meaningless
strings when used with the POSIX "C" locale. In particular, the standard
POSIX locale does not define a currency symbol, a monetary radix symbol
(decimal point) or a negative sign. This means strfmon(..., "%n", -123.45)
is supposed to produce "12345" instead of something like "$-123.45"!
The new xstrfmon() overcomes these limitations by using snprintf() as
appropriate.
This makes the main source code look a little cleaner, at the expense of
background magic happening in the configure-generated config.h. But this
magic was already happening for _GNU_SOURCE, __EXTENSIONS__ and the like.
The only wrinkle is that newer versions of NcursesW cause ./configure to
include "-D_XOPEN_SOURCE=600" as part of the compilation command line--on
systems that support _XOPEN_SOURCE=700. The AC_DEFINE/AC_DEFINE_UNQUOTED
macros automatically comment out any "#undef" lines in config.h, so the
file lib/xopen_source.h works around this limitation. It is
automatically included by config.h.
Rewrite a check that unscramble_table[] is of the right size as an
assertion, which prevents Clang from issuing a warning that the "result
of comparison of constant 256 with expression of type 'const unsigned
char' is always false".
Oh for the day that C11's _Static_assert can be used amongst all
compilers! But perhaps Gnulib's assert-h module can be used instead...
The function wctob() returns an int that can be -1; a conversion to
unsigned char will make that value 0xFF. Although the "if" statement
still works in this case, we should be more diligent in our programming.
Arithmetic on void * pointers is undefined, according to Section 6.5.6
Paragraph 2, Section 6.2.5 Paragraph 1 and Section 6.2.5 Paragraph 19 of
the ISO/IEC 9899:1999 C99 standard: the void type is incomplete and thus
its size cannot be determined.
GCC allows pointer arithmetic on void * as an extension (and only warns
if "-Wpointer-arith" is given); the Oracle Developer Studio C compiler
issues a warning by default.
Newer versions of libncurses/libncursesw "#define _XOPEN_SOURCE 600" in
their pkg-config file. This change forces _XOPEN_SOURCE to be redefined
to 700 in that case.
The latest versions of the GNU Compiler Collection complain about signed
and unsigned integer comparisons when run with the "-Wextra" flag. Keep
those compilers happy.