On Wed, May 20, 2009 at 06:58:41PM -0700, Junio C Hamano wrote: > If a function takes (int ac, char **av), then people should be able to > depend on the usual convention of > > (1) for any i < ac, av[i] is not NULL; and > (2) av[ac] is NULL. > > With your patch, a broken caller's wish is simply discarded and nobody > will notice. Without your patch, at least you will know that the caller > passed an inconsistent pair of ac and av to this function by seeing a > coalmine canary segfault. > > I would not mind a patch that adds an assertion that protects this > function from broken callers, so that we can find them, but your patch > makes me feel very uneasy. I agree. Having just fixed a segfault in the GIT_TRACE code caused by a non-terminated argv generated by the alias code, I think I would prefer that we just consistently do the NULL-termination. You are otherwise creating a maintenance pitfall when somebody later passes the value to unsuspecting code. -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html