On Thu, Aug 09, 2018 at 07:12:18PM +0200, Richard Levitte wrote:

> viktor> X509 *x;
> viktor> STACK_OF(X509) *s;
> viktor>
> viktor> ...
> viktor> /* Allocate 's' and initialize with x as first element */
> viktor> if (sk_X509_push(s = sk_X509_new(NULL), x) < 0) {
> viktor>     /* error */
> viktor> }
>
> I would regard that code as incorrectly written, because it doesn't check
> the value returned from sk_X509_new(NULL) (i.e. it doesn't properly
> check for possible errors). Correctly written code would be written
> like this:
It is correctly written *given* the existing NULL checks, and the fact
that our API is under-documented.

> However, if we actually want people to be able not to check if the
> stack they wanted to allocate actually got allocated, the correct
> course of action would be to make that a defined behaviour, i.e. fix
> the docs accordingly.

Yes, we should document the existing behaviour in preference to changing
it. Changing the behaviour of existing functions should require a
compelling reason to do that.

-- 
	Viktor.

_______________________________________________
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project