Jonathan Tan <jonathantanmy@xxxxxxxxxx> writes:
>> - fmt = get_format_by_sig(signature);
>> - if (!fmt)
>> - BUG("bad signature '%s'", signature);
>
> Here is the difference in functionality that I spotted. Here, lack of
> fmt is fatal...
>
>> + fmt = get_format_by_sig(signature);
>> + if (!fmt)
>> + return error(_("bad/incompatible signature '%s'"), signature);
>
> ...but here it is not.
While I was reviewing this step, I was assumign that the callers
would respond to this error return appropriately. If it is not the
case, then we do have to fix that.
The original's use of BUG() is wrong in any case, I woud think. The
"signature" there is an external input, so we were reporting a data
error (it should have been die()), not a program logic error.
Thanks.
