Harden Tosu init, poll handling, and local request trust by sciboy12 · Pull Request #3 · sciboy12/Abs-C

sciboy12 · 2026-04-07T20:04:12Z

Prevent use of an uninitialized active when Tosu integration is enabled.
Make the main input loop handle poll() errors and interrupts explicitly instead of treating any non-positive return as a silent continue.
Reduce local trust surface for Tosu HTTP requests and remove an unused dead local in main.

Initialize active to false and, when Tosu is enabled, set active = tosu_get_absolute_state() immediately after tosu_init() in abs-c.c to avoid uninitialized reads.
Replace the condensed if (poll(&pfd, 1, -1) <= 0) continue; with explicit handling: check poll() return value, continue on EINTR (unless stop is set), call perror("poll") and break on hard errors, continue on timeout (0), preserve fatal pfd.revents checks and require POLLIN before reading.
Remove the unused struct input_event ev_buf[64]; declaration from main in abs-c.c.
Add #include <errno.h> to support robust poll() errno checks.
In tosuhandler.c, change TOSU_URL from http://localhost:24050/json to http://127.0.0.1:24050/json and set CURLOPT_NOPROXY to "*" to prevent environment proxying while preserving existing redirect and protocol settings.
Inspected emit_abs_delta and made no change because there was no duplicated unreachable return false; in the current tree.

Ran git diff -- abs-c.c tosuhandler.c to verify the code delta (succeeded).
Ran git status --short to confirm staged changes (succeeded).
Ran make clean && make to attempt a build; the build failed in this environment due to missing development headers/libraries (ini.h, cjson/cJSON.h) and not due to the applied changes.

Harden tosu state init, poll error handling, and local tosu URL trust

ca701b3

sciboy12 added the codex label Apr 7, 2026 — with ChatGPT Codex Connector

Provide feedback