[openssl-project] Removal of NULL checks

Viktor Dukhovni openssl-users at dukhovni.org
Thu Aug 9 17:16:35 UTC 2018


On Thu, Aug 09, 2018 at 07:12:18PM +0200, Richard Levitte wrote:

> viktor> 	X509 *x;
> viktor> 	STACK_OF(X509) *s;
> viktor> 
> viktor> 	...
> viktor> 	/* Allocate 's' and initialize with x as first element */
> viktor> 	if (sk_X509_push(s = sk_X509_new(NULL), x) < 0) {
> viktor> 		/* error */
> viktor> 	}
> 
> I would regard that code incorrectly written, because it doesn't check
> the value returned from sk_X509_new(NULL) (i.e. it doesn't properly
> check for possible errors).  Correctly written code would be written
> like this:

It is correctly written *given* the existing NULL checks, and the
fact that our API is under-documented.

> However, if we actually want people to be able not to check if the
> stack they wanted to allocate actually got allocated, the correct
> course of action would be to make that a defined behaviour, i.e. fix
> the docs accordingly.

Yes, we should document the existing behaviour in preference to
changing it.  Changing the behaviour of existing functions should
require a compelling reason to do that.

-- 
	Viktor.
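The two idioms under discussion, the chained `sk_X509_push(s = sk_X509_new(NULL), x)` form that leans on push tolerating a NULL stack and the fully checked form Richard prefers, side by side. This is an added example written for this page, not OpenSSL code: it uses a small hypothetical `ptr_stack` stand-in (`ps_new`, `ps_push`, `ps_free`) so it runs without libcrypto, and an assumed `inject_alloc_failure` switch to show what each idiom does when the allocation fails. The stand-in's push returns the element count on success and 0 on failure, including when handed a NULL stack; whether the real API keeps that contract is exactly what the thread says should be documented rather than assumed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for STACK_OF(X509): a growable pointer array. */
typedef struct {
    void **data;
    int num;
    int cap;
} ptr_stack;

/* Assumed test hook: when non-zero, the next ps_new() fails (returns NULL). */
static int inject_alloc_failure = 0;

ptr_stack *ps_new(void)
{
    ptr_stack *s;
    if (inject_alloc_failure) {
        inject_alloc_failure = 0;
        return NULL;
    }
    s = calloc(1, sizeof(*s));
    return s; /* NULL on allocation failure, as with sk_X509_new */
}

/* Push is NULL-tolerant: a NULL stack is reported as failure (0) rather
 * than dereferenced. Returns the new element count on success. */
int ps_push(ptr_stack *s, void *p)
{
    if (s == NULL)
        return 0;
    if (s->num == s->cap) {
        int ncap = s->cap ? s->cap * 2 : 4;
        void **nd = realloc(s->data, (size_t)ncap * sizeof(*nd));
        if (nd == NULL)
            return 0;
        s->data = nd;
        s->cap = ncap;
    }
    s->data[s->num++] = p;
    return s->num;
}

/* Free is NULL-tolerant too, so cleanup paths need no extra check. */
void ps_free(ptr_stack *s)
{
    if (s == NULL)
        return;
    free(s->data);
    free(s);
}

/* Idiom 1 (the quoted code): allocate and push in one expression. Correct
 * only if push's NULL tolerance is a documented guarantee. */
ptr_stack *build_chained(void *first)
{
    ptr_stack *s;
    if (ps_push(s = ps_new(), first) <= 0) {
        ps_free(s); /* s may be NULL here; free tolerates it */
        return NULL;
    }
    return s;
}

/* Idiom 2: check every step explicitly; depends on no NULL tolerance. */
ptr_stack *build_checked(void *first)
{
    ptr_stack *s = ps_new();
    if (s == NULL)
        return NULL;
    if (ps_push(s, first) <= 0) {
        ps_free(s);
        return NULL;
    }
    return s;
}

/* Returns 1 if the stack was built, 0 if the allocation failure was
 * reported cleanly. Both idioms must agree; neither may crash. */
int demo(int fail_alloc, int use_chained)
{
    static int element; /* constructed stand-in for an X509 */
    ptr_stack *s;
    inject_alloc_failure = fail_alloc;
    s = use_chained ? build_chained(&element) : build_checked(&element);
    if (s == NULL)
        return 0;
    ps_free(s);
    return 1;
}

int main(void)
{
    printf("chained, alloc ok:   %d\n", demo(0, 1));
    printf("checked, alloc ok:   %d\n", demo(0, 0));
    printf("chained, alloc fail: %d\n", demo(1, 1));
    printf("checked, alloc fail: %d\n", demo(1, 0));
    return 0;
}
```

The chained form is shorter and, with a NULL-tolerant push, equally safe; the point the thread makes is that its correctness rests on a property of `sk_X509_push` that callers can only rely on once the documentation promises it, so removing the internal NULL check without that documentation turns existing callers into crashes.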
