[PATCH] event: Cheking for NULL before dereferencing the pointer.
Pekka Paalanen
ppaalanen at gmail.com
Fri May 9 06:02:19 PDT 2014
On Fri, 09 May 2014 14:50:19 +0200
Hardening <rdp.effort at gmail.com> wrote:
> Le 09/05/2014 12:20, Pekka Paalanen a écrit :
> > On Fri, 09 May 2014 15:21:51 +0530
> > Srivardhan <sri.hebbar at samsung.com> wrote:
> >
> >>
> >>
> >>> -----Original Message-----
> >>> From: Pekka Paalanen [mailto:ppaalanen at gmail.com]
> >>> Sent: Friday, May 09, 2014 3:09 PM
> >>> To: Srivardhan
> >>> Cc: 'Hardening'; wayland-devel at lists.freedesktop.org
> >>> Subject: Re: [PATCH] event: Cheking for NULL before dereferencing the
> >>> pointer.
> >>>
> >>> On Fri, 09 May 2014 14:56:14 +0530
> >>> Srivardhan <sri.hebbar at samsung.com> wrote:
> >>>
>
> [...]
>
> >
> > Checking is one thing, silently hiding bugs is another thing.
> >
> > If NULL is a legal input, then of course it needs to be checked.
> >
> > If NULL can happen, but is a runtime error, the program needs to be
> > vocal about it, e.g. relay the error back to the caller.
> >
> > If API specification says NULL is not a valid input, putting an
> > assert() would be fine, since violating that is a programmer error in
> > the caller.
> >
> > I think wl_event_source_remove() falls into the last category. All
> > functions in wayland-util.h belong to this category, too.
> >
>
> IMHO wl_event_source_remove() should take a wl_event_source ** as
> parameter and set to NULL the event_source pointer (preventing anyone
> to use it). Using eclipse call hierarchy, I've seen many places where
> this extra precaution is not taken.
> I don't know if wl_event_source_remove() can be considered as part of
> the libwayland API and so fixed in stone ?
If it is exported in a release, it is set in stone. And so it is.
Thanks,
pq
More information about the wayland-devel
mailing list