On Wed, Nov 18, 2020 at 07:21:15PM +0400, Marc-André Lureau wrote:
> Hi
>
> On Wed, Nov 18, 2020 at 1:17 PM Stefan Hajnoczi <[email protected]> wrote:
>
> > Markus Armbruster pointed out that g_return_val_if() is meant for programming
> > errors. It must not be used for input validation since it can be compiled out.
> > Use explicit if statements instead.
> >
> > This patch series converts vhost-user device backends that use
> > g_return_val_if() in get/set_config().
> >
> > Stefan Hajnoczi (4):
> >   contrib/vhost-user-blk: avoid g_return_val_if() input validation
> >   contrib/vhost-user-gpu: avoid g_return_val_if() input validation
> >   contrib/vhost-user-input: avoid g_return_val_if() input validation
> >   block/export: avoid g_return_val_if() input validation
> >
>
> The condition is the same for all the patches, checking the message config
> payload is large enough. Afaict, the value is set by the client, so it
> could be a runtime error, and thus explicit checking is required.
>
> Nevertheless, one nice thing about g_return* macros, is that it provides an
> error message when the condition fails, which helps. Could you replace it?
>
> (fwiw, I think g_return* macros are so convenient, I would simply make
> G_DISABLE_CHECKS forbidden and call it a day)

I'll add an error message in v2.

Stefan
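The failure mode discussed in the quoted cover letter, as an added example that is not code from this thread or from QEMU: a length check written with a g_return*-style macro vanishes when checks are compiled out (as with G_DISABLE_CHECKS), while an explicit if statement with its own error message stays in every build. The macro names, function names, CONFIG_SIZE and the backing bytes are constructed stand-ins, not GLib or QEMU identifiers.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CONFIG_SIZE 8u  /* constructed size of the device config region */

/* Constructed backing store: 8 config bytes, then 8 bytes that are not config. */
static const uint8_t backing[16] = {
    1, 2, 3, 4, 5, 6, 7, 8,
    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA
};

/* Hypothetical stand-ins for the two expansions of a g_return*-style macro:
 * a normal build, and a build where the checks are compiled out. */
#define RETURN_VAL_IF_FAIL_ON(cond, val) \
    do { if (!(cond)) { fprintf(stderr, "check '%s' failed\n", #cond); return (val); } } while (0)
#define RETURN_VAL_IF_FAIL_OFF(cond, val) do { } while (0)

int get_config_macro_on(uint8_t *dst, uint32_t len)
{
    RETURN_VAL_IF_FAIL_ON(len <= CONFIG_SIZE, -1);
    memcpy(dst, backing, len);
    return 0;
}

int get_config_macro_off(uint8_t *dst, uint32_t len)
{
    RETURN_VAL_IF_FAIL_OFF(len <= CONFIG_SIZE, -1); /* expands to nothing */
    memcpy(dst, backing, len);                      /* len is never validated */
    return 0;
}

int get_config_explicit(uint8_t *dst, uint32_t len)
{
    if (len > CONFIG_SIZE) {                        /* survives every build */
        fprintf(stderr, "get_config: len %u exceeds %u\n", (unsigned)len, CONFIG_SIZE);
        return -1;
    }
    memcpy(dst, backing, len);
    return 0;
}

int main(void)
{
    uint8_t dst[16] = {0};
    printf("on=%d off=%d explicit=%d\n", get_config_macro_on(dst, 16),
           get_config_macro_off(dst, 16), get_config_explicit(dst, 16));
    return 0;
}
```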
