On Tue, Dec 01, 2020 at 12:10:14PM +0100, Han-Wen Nienhuys wrote: > > I think passing: > > > > sizes_to_segments(&seglen, NULL, 0); > > > > may make the code more obvious. Unlike system functions like memcpy(), > > we can be assured of whether our functions avoid looking at a > > zero-length array (and size_to_segments does follow that rule). > > > > This function, of course, is nonsense that real code would not do, and > > This test was added because 'real' code did this. In particular, if > you initialize a stack of reftables, the stack has zero elements. The > test was for the following bugfix > > https://github.com/google/reftable/commit/b2e42ecb54e413e494c1fcc13c21e24422645007 > > Changing the array size to 1 here also prevents Valgrind to mark a > regression as a OOB write. Sorry to be unclear. I meant that real code would not allocate a static zero-length array (though it might do so on the heap). I agree that making sure the function behaves in the 0-segment case is quite reasonable. Passing NULL actually makes the test more rigorous IMHO (because it is a strict superset of failure modes, and is something an actual caller might do if it were dynamically growing an array that started at NULL). -Peff
