> On Jul 29, 2024, at 9:01 AM, bug-gnulib-requ...@gnu.org wrote:
>
> Message: 5
> Date: Mon, 29 Jul 2024 11:47:31 -0400
> From: Jeffrey Walton <noloa...@gmail.com>
> To: Bruno Haible <br...@clisp.org>
> Cc: bug-gnulib@gnu.org, Eric Blake <ebl...@redhat.com>
> Subject: Re: should asprintf and friends guarantee sane pointer on
>   failure?
> Message-ID:
>   <CAH8yC8kQGM56jb029V+UXo18gc-KdWYSZfvh480n=j3fuh6...@mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
>> On Mon, Jul 29, 2024 at 11:37 AM Bruno Haible <br...@clisp.org> wrote:
>>
>> Jeffrey Walton wrote:
>>> You should consider making the interface easy to use correctly, and
>>> hard to use incorrectly. That will help novice programmers avoid
>>> mistakes.
>>
>> Novice programmers need to learn that they need to look at the return
>> value. Once they have learned this, everything is easy.
>
> Everyone makes mistakes, including expert programmers:
> <https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=glibc>. Making the
> function easy to use correctly, and hard to use incorrectly, serves
> the best interest of the internet community.
>
>>> In that light, set the ptr to NULL to make it as safe as possible.
>>
>> With the same argument, you could claim that functions that can set
>> errno should always set errno to 0 when they succeed. So that
>> users don't need to set 'errno = 0;' before the call, if they want
>> to inspect errno after the call, regardless of the return value.

I'm not certain I fully understand Bruno's reasoning, there. Please understand that I genuinely do not know this and am not trying to be a smartarse... does the documentation of C library functions actually say outright, "a status value shall be returned, unless the function succeeds"?

IMO, reporting that there was not an error is just as important as reporting that there was one.

Gordon S.
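
The contract debated in this thread, sketched as an added example (not code from any poster, gnulib or glibc): an asprintf-like function, built on standard `vsnprintf`, that leaves the output pointer NULL on every failure path. The names `safe_asprintf_with`, `alloc_fn`, `failing_alloc` and `careless_caller` are hypothetical, and the allocator hook exists only so the out-of-memory path can be exercised; it is assumed to return memory that `free()` accepts.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocator hook: lets the failure path be triggered on demand. */
typedef void *(*alloc_fn)(size_t);
static void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Returns the string length, or -1 on failure. *out is always defined on
   return: a heap string on success, NULL on any failure. */
static int safe_asprintf_with(alloc_fn alloc, char **out, const char *fmt, ...)
{
    va_list ap, ap2;
    int len;
    char *buf;

    *out = NULL;                        /* defined before anything can fail */
    va_start(ap, fmt);
    va_copy(ap2, ap);
    len = vsnprintf(NULL, 0, fmt, ap);  /* first pass only measures */
    va_end(ap);
    buf = (len < 0) ? NULL : alloc((size_t)len + 1);
    if (buf == NULL || vsnprintf(buf, (size_t)len + 1, fmt, ap2) != len) {
        va_end(ap2); free(buf); return -1;
    }
    va_end(ap2);
    *out = buf;
    return len;
}

/* A caller that ignores the return value. With the NULL guarantee the
   cleanup below is well defined whether or not allocation succeeded. */
static int careless_caller(alloc_fn alloc)
{
    char *s = (char *)0x1;              /* stand-in for an indeterminate pointer */
    int was_null;
    safe_asprintf_with(alloc, &s, "%s-%d", "id", 42);
    was_null = (s == NULL);
    free(s);                            /* free(NULL) is a no-op */
    return was_null;
}

int main(void)
{
    printf("alloc ok:     pointer NULL afterwards? %d\n", careless_caller(malloc));
    printf("alloc failed: pointer NULL afterwards? %d\n", careless_caller(failing_alloc));
    return 0;
}
```

Without the `*out = NULL` line, the failing case would hand the stand-in garbage pointer to `free()`, which is undefined behaviour.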