[PATCH v3] libio: asprintf should write NULL upon failure
Florian Weimer
fweimer@redhat.com
Sat Aug 3 11:08:37 GMT 2024
* Solar Designer:
>> +++ b/manual/stdio.texi
>> @@ -2524,7 +2524,9 @@ Allocation}) to hold the output, instead of putting the output in a
>> buffer you allocate in advance. The @var{ptr} argument should be the
>> address of a @code{char *} object, and a successful call to
>> @code{asprintf} stores a pointer to the newly allocated string at that
>> -location.
>> +location. Current versions of @theglibc{} write a null pointer to
>> +@samp{*@var{ptr}} upon failure, but this is not required by the
>> +standard, and previous versions did not modify the pointer value.
>
> This makes it sound as if previous versions always did not modify the
> pointer value, but e.g. 2.34 would sometimes leave the pointer value
> unmodified and other times reset it to NULL. I suggest replacing "did
> not modify the pointer value." with "sometimes left the pointer value
> unmodified. Callers are required to check the function's return
> value."
I reviewed the older implementations, and I think we can say this, which
I think is more helpful to the programmer:
“
Current and future versions of @theglibc{} write a null pointer to
@samp{*@var{ptr}} upon failure. To achieve similar behavior with
previous versions, initialize @samp{*@var{ptr}} to a null pointer before
calling @code{asprintf}.
”
What do you think? Based on my review, even in the older
implementations, we never wrote a non-null pointer, proceeded to free
it, and then returned failure. All the reallocation work was kept track
of in internal pointers, and the ptr argument was only used after the
format string had been processed.
Thanks,
Florian
More information about the Libc-alpha
mailing list