On 18/04/16 13:01, Anton Khirnov wrote:
> That's the whole point of the assert -- it's something that should not
> be able to happen. If it does happen, then the code is buggy and the bug
> should be fixed. Another function of the assert (other than preventing
> UB) is that it tells you where exactly things went wrong, rather than
> crashing days later due to memory corruption.

An assert should notify about an unexpected condition before it happens
and it is quite useful this way, but it is a debugging aid, not a safeguard.

Using it to check after the fact is not useful at all.

>> If you end up in that situation what happens? You leak packets? You
>> leave memory areas pinned in strange ways? You can root the system?
> 
> You do something undefined. We should never ever do something undefined.
> Aborting is absolutely preferable to UB.

Had you read the code in question? We can debate all the time how
theoretically crashing early saves the world and come up with more or
less plausible examples.

If I read the code correctly the expected-unexpected condition that
should trigger an abort is feeding in a packet while flushing or closing
the decoder.

That is not exactly mmal-specific I'd dare to say...

lu
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
