On 09/05/2014 12:20, Pekka Paalanen wrote:
> On Fri, 09 May 2014 15:21:51 +0530
> Srivardhan <sri.heb...@samsung.com> wrote:
>
> -----Original Message-----
> From: Pekka Paalanen [mailto:ppaala...@gmail.com]
> Sent: Friday, May 09, 2014 3:09 PM
> To: Srivardhan
> Cc: 'Hardening'; wayland-devel@lists.freedesktop.org
> Subject: Re: [PATCH] event: Cheking for NULL before dereferencing the pointer.
>
> On Fri, 09 May 2014 14:56:14 +0530
> Srivardhan <sri.heb...@samsung.com> wrote:
>
> [...]
>
> Checking is one thing, silently hiding bugs is another thing.
>
> If NULL is a legal input, then of course it needs to be checked.
>
> If NULL can happen, but is a runtime error, the program needs to be
> vocal about it, e.g. relay the error back to the caller.
>
> If API specification says NULL is not a valid input, putting an
> assert() would be fine, since violating that is a programmer error in
> the caller.
>
> I think wl_event_source_remove() falls into the last category. All
> functions in wayland-util.h belong to this category, too.

IMHO wl_event_source_remove() should take a wl_event_source ** as a
parameter and set the event_source pointer to NULL (preventing anyone
from using it). Using Eclipse's call hierarchy, I've seen many places
where this extra precaution is not taken.

I don't know if wl_event_source_remove() can be considered part of
the libwayland API and so fixed in stone?

Regards.
--
David FORT
website: http://www.hardening-consulting.com/
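
The three NULL-handling categories and the `**` remove variant discussed in this thread, as an added example that is not part of the original messages and is not libwayland code. The `ev_source` type and every function name are hypothetical, and returning -1 for an already cleared handle is an assumption of this sketch.

```c
#include <assert.h>
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-in for an event source; not libwayland's struct. */
struct ev_source {
	int fd;
};

/* Category 1: NULL is legal input, so it is checked and is a no-op. */
void ev_source_destroy(struct ev_source *src)
{
	if (src == NULL)
		return;
	free(src);
}

/* Category 2: a failure that can happen at run time is relayed to the
 * caller through *err instead of being hidden. */
struct ev_source *ev_source_create(int fd, int *err)
{
	struct ev_source *src;

	if (fd < 0) { *err = EBADF; return NULL; }
	src = calloc(1, sizeof *src);
	if (src == NULL) { *err = ENOMEM; return NULL; }
	src->fd = fd;
	*err = 0;
	return src;
}

/* Category 3: the contract forbids NULL, so a violation is a programmer
 * error in the caller and trips the assert. */
int ev_source_fd(const struct ev_source *src)
{
	assert(src != NULL);
	return src->fd;
}

/* The ** variant: free the source and clear the caller's handle.
 * Returns 0 on removal, -1 if the handle was already cleared. */
int ev_source_remove(struct ev_source **psrc)
{
	assert(psrc != NULL);   /* passing no handle at all is a caller bug */
	if (*psrc == NULL)
		return -1;      /* a second removal is reported, not hidden */
	free(*psrc);
	*psrc = NULL;           /* later use fails fast instead of touching freed memory */
	return 0;
}
```

Clearing the handle only protects the variable whose address was passed in; any other copy of the pointer held elsewhere still dangles after the call.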