Closed JFreegman closed 4 months ago
All modified and coverable lines are covered by tests :white_check_mark:
Comparison is base (
623e3ee
) 73.11% compared to head (fbe3c19
) 73.05%.
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
Does the length being non-zero guarantee that the
data
is not NULL? In that case these changes would make sense.But if the
length
is user-provided, then no.Reviewable status: 1 change requests, 0 of 1 approvals obtained
There should never be an instance where a non-zero length is paired with a null data pointer. That would indicate a serious bug. The length is never user-provided. These notations are for telling static analyzers what to expect, and if they see something unexpected, they'll tell us about it. Since both these functions are able to handle both null and non-null data pointers, analyzers shouldn't complain if they see either case.
If there were a bug and we passed a null pointer to net_unpack()
for example, then the analyzer would warn us for that specific case.
These notations are for telling static analyzers what to expect, and if they see something unexpected, they'll tell us about it. Since both these functions are able to handle both null and non-null data pointers, analyzers shouldn't complain if they see either case.
Yep. And there are actually a lot more of these attributes we could use, for example marking which arguments are read-only and which are read-write, or which argument is expecting a null-terminated C-string https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html
Too bad we can't use those in the API as they are not really portable.
This change is![Reviewable](https://reviewable.io/review_button.svg)