Robear Selwans <rwagih.rw@xxxxxxxxx> writes:
>> Also, isn't "if (sb->alloc < sb->len)" too loose a check for the new
>> feature? AFAICS in 1/2, a strbuf that is still borrowing a const
>> string always has sb->alloc==0. Other instances of strbuf that
>> happens to satisify the above condition, e.g. (sb->len == 5 &&
>> sb->alloc == 1), is an error. If we are to check the condition
>> about sb->len, shouldn't we diagnose such a case as an error, no?
> AFAIK after reading the documentation for `strbuf`, there is no other
> case where `sb->len > sb->alloc` as `alloc` needs to always be more
> than `len`. I'd like to be corrected if mistaken, though.
Yes, but the case that matters to _your_ use is sb->alloc == 0. You
do not want to let a broken strbuf (presumably broken by changes
other than your own) to pass, when you can detect it. And for that,
paying attention to sb->len _might_ make sense, but then the check
won't be
if (sb->alloc < sb->len)
make it mutable;
you'd rather be writing something like
if (!sb->alloc)
make it mutable;
else if (sb->alloc < sb->len)
BUG("somebody fed a corrupt strbuf to me");
If the primary purpose of make_mutable() is *not* about catching
random strbuf corruption, then the whole "else if" part is not
needed, and the check should become a equation only about sb->alloc,
not a comparison between alloc and len (which would trigger for *both*
your const-initialized strbuf *and* a corrupt one you did not anticipate
to see).
