On Thu, May 05, 2022 at 08:16:11AM -0700, Keith Packard wrote:
> Johannes Berg <johannes@xxxxxxxxxxxxxxxx> writes:
>
> > Yeah, dunno, I guess I'm slightly more on the side of not requiring it,
> > since we don't do the same for kmalloc() etc. and probably really
> > wouldn't want to add kmalloc_s() that does it ;-)
>
> I suspect the number of bugs this catches will be small, but they'll be
> in places where the flow of control is complicated. What we want is to
> know that there's no "real" value already present. I'd love it if we
> could make the macro declare a new name (yeah, I know, mixing
> declarations and code).

I don't think I can do a declaration and an expression statement at the
same time with different scopes, but that would be kind of cool. We did
just move to c11 to gain the in-loop iterator declarations...

> Of course, we could also end up with people writing a wrapping macro
> that sets the variable to NULL before invoking the underlying macro...

I hope it won't come to that! :)

--
Kees Cook