On Fri, Dec 24, 2021 at 5:16 AM Junio C Hamano <gitster@xxxxxxxxx> wrote:
>
> But your safe_memcpy() should not be
>
> safe_memcpy(dst, src, n)
> {
> if (n)
> memcpy(dst, src, n);
> return dst;
> }
>
> Using memcpy() with size==0 is not a crime wrt the language.
> Passing an invalid pointer while doing so is.
It's not a crime, but what is the benefit of calling memcpy with n == 0 ?
> safe_memcpy(dst, src, n)
> {
> if (dst)
> memcpy(dst, src, n);
> else if (n)
> BUG(...);
I think this is suboptimal. Sure, a segfault is uglier than "out of
memory" error, but both effectively crash the program, so the
difference isn't that big.
The nice way is if the reftable library grows an error-code
REFTABLE_OOM, which is propagated once a malloc or realloc returns
NULL.
We could test this exhaustively in the unittest by swapping in a
malloc that starts failing after N allocations, and then running a
transaction in a loop, increasing N.
I'll have to look more closely if this is possible throughout, so for
this series, I'll just take a closer look at the current call-sites to
see if NULL can really occur or not.
--
Han-Wen Nienhuys - Google Munich
I work 80%. Don't expect answers from me on Fridays.
--
Google Germany GmbH, Erika-Mann-Strasse 33, 80636 Munich
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
