Suggested-by: Peter Maydell <[email protected]> Signed-off-by: Markus Armbruster <[email protected]> --- include/qapi/error.h | 17 +++++++++++++++++ 1 file changed, 17 insertions(+)
diff --git a/include/qapi/error.h b/include/qapi/error.h
index f3ce4a4a2d..fc018b4c59 100644
--- a/include/qapi/error.h
+++ b/include/qapi/error.h
@@ -437,6 +437,23 @@ Error *error_copy(const Error *err);
  */
 void error_free(Error *err);
 
+/*
+ * Note: we intentionally do not enable g_autoptr(Error) with
+ * G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC(Error, error_free).
+ *
+ * Functions that report or propagate an error take ownership of the
+ * Error object. Explicit error_free() is needed when you handle an
+ * error in some other way. This is rare.
+ *
+ * g_autoptr(Error) would call error_free() automatically on return.
+ * To avoid a double-free, we'd have to manually clear the pointer
+ * every time we propagate or report.
+ *
+ * Thus, g_autoptr(Error) would make the rare case easier to get right
+ * (less prone to leaks), and the common case easier to get wrong
+ * (more prone to double-free).
+ */
+
 /*
  * Convenience function to assert that *@errp is set, then silently free it.
  */
-- 
2.49.0
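Review bot: The macro named in the second line of the new comment does not match the facility it describes. In GLib, g_autoptr(T) is enabled by `G_DEFINE_AUTOPTR_CLEANUP_FUNC`, whereas `G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC` enables g_auto(T) for stack-allocated types. The line should read ` * G_DEFINE_AUTOPTR_CLEANUP_FUNC(Error, error_free).`, so that anyone grepping the tree for an accidental enablement searches for the right name. Because the comment exists to prevent double-frees, it would also help to name the ownership-taking functions it refers to (presumably error_propagate() and error_report_err(), which are declared outside this hunk).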
