On Fri, Jun 29, 2007 at 02:40:23PM +0100, Richard W.M. Jones wrote: > >@@ -113,12 +128,19 @@ virBufferFree(virBufferPtr buf) > > * virBufferContentAndFree: > > * @buf: Buffer > > * > >- * Return the content from the buffer and free (only) the buffer > >structure. > >+ * Get the content from the buffer and free (only) the buffer structure. > >+ * > >+ * Returns the buffer content or NULL in case of error. > > */ > > char * > > virBufferContentAndFree (virBufferPtr buf) > > { > >- char *content = buf->content; > >+ char *content; > >+ > >+ if (buf == NULL) > >+ return(NULL); > >+ > >+ content = buf->content; > > > > free (buf); > > return content; > > I know we do this sort of thing all over the place, but it's bad > practice (IMHO). If someone passes a NULL into this function then it's > an error, and it's better to segfault early rather than compound or hide > the error.
The error should be raised before. If it wasn't then there is a programming bug. And a library must not segfault on hazard like out of memory, sorry no ! Like we tests return from malloc() I think we must shield the internal code as much as possible. In any case segfaulting is not the proper way to raise a problem. > Of course I wish we were using a language where you could specify these > rules statically, and in fact I've been analysing the libvirt code using > some static analysis tools to try & find these types of bugs > automatically. Results later ... Fixing bugs, yes definitely, that I can only agree with. Daniel -- Red Hat Virtualization group http://redhat.com/virtualization/ Daniel Veillard | virtualization library http://libvirt.org/ [EMAIL PROTECTED] | libxml GNOME XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/ -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list