Michael McConville wrote:
> Am I interpreting this correctly?
>
> This is the least invasive fix, but it's unfortunate that this function
> allows the supplied buffer to be NULL. If we made it unconditionally
> allocate a new buffer, we would have to change some program logic
> because uses pass stack-allocated statically-sized buffers. So, maybe
> should require a valid buffer argument.

One or the other. This idiom of allowing the caller to pass a buffer or not and then allocating memory or not is silly and a source of many bugs. I don't believe we should encourage its use by demonstrating it except where necessary.