[Libvir] PATCH: Make the virBuffer API harder to misuse
Daniel P. Berrange
berrange at redhat.com
Mon Apr 28 12:13:00 UTC 2008
On Mon, Apr 28, 2008 at 03:17:33AM -0400, Daniel Veillard wrote:
> On Sat, Apr 26, 2008 at 05:37:11PM +0100, Daniel P. Berrange wrote:
> >
> >
> > The following set of changes adjust the way errors are handled in the
> > virBuffer routines. The key idea is to make it hard (impossible) to
> > misuse the API, with each change addressing one of the error scenarios
> > I've found in existing code using the routines.
>
> In general I agree and like the change, except
>
> > - The contents of the struct are no longer public.
> >
> > Rationale: This stops people accessing the buffer directly,
> > thus preventing use of data which may be in an error state.
>
> results in this:
> > struct _virBuffer {
> > - char *content; /* The buffer content UTF8 */
> > - unsigned int use; /* The buffer size used */
> > - unsigned int size; /* The buffer size */
> > + char *padding[__SIZEOF_VIR_BUFFER]; /* This struct contents is private */
> > };
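Review bot: `padding` is declared as an array of `char *`, so the struct occupies `__SIZEOF_VIR_BUFFER` pointers rather than bytes, and nothing in this hunk ties that count to the size or alignment of the real struct in the implementation file. A compile-time size check beside the private definition would catch drift, and if the macro is meant as a byte count the element type should be plain `char`. The comment would also read better as "This struct's contents are private".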
>
> which is really not nice.
> I would prefer to relax the 'non-public' point and let the compiler
> compute the size in some ways rather than hardcode based on a word size
> indication which may not take into account specific alignment problems
> on some platforms.

One other option I considered is to just define the struct in the public
header with meaningless field names

    struct _virBuffer {
        char a;
        unsigned int b;
        unsigned int c;
    };

The real version is re-declared with proper names in buf.c, so this will
at least discourage its use which is probably good enough.

Dan.
--
|: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
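
An added example, not code from the patch or from libvirt: the placeholder-struct idea from the reply above, with compile-time checks so the compiler rather than a hardcoded word size confirms that the public placeholder keeps the private layout. All `demo_buf*` names are hypothetical, the private field names are the ones quoted in the thread, and the placeholder's first member is assumed to be `char *` so the two layouts agree.

```c
#include <limits.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Public-header view: placeholder names only; member types mirror the real struct. */
struct demo_buf { char *a; unsigned int b; unsigned int c; };

/* Private view, using the field names quoted in the thread. */
struct demo_buf_priv { char *content; unsigned int use; unsigned int size; };

/* Compile-time guard: the build breaks if the two views drift apart. */
_Static_assert(sizeof(struct demo_buf) == sizeof(struct demo_buf_priv), "size drift");
_Static_assert(_Alignof(struct demo_buf) == _Alignof(struct demo_buf_priv), "alignment drift");
_Static_assert(offsetof(struct demo_buf, b) == offsetof(struct demo_buf_priv, use) &&
               offsetof(struct demo_buf, c) == offsetof(struct demo_buf_priv, size), "offset drift");

/* Append len bytes; 0 on success, -1 on failure. The private view is copied
 * in and out with memcpy so the public object is never accessed through an
 * incompatible struct type. */
int demo_buf_add(struct demo_buf *pub, const char *data, unsigned int len)
{
    struct demo_buf_priv p;
    memcpy(&p, pub, sizeof p);
    if (len >= UINT_MAX - p.use)
        return -1;                          /* counters would overflow */
    if (p.use + len + 1 > p.size) {
        char *grown = realloc(p.content, p.use + len + 1);
        if (!grown)
            return -1;
        p.content = grown;
        p.size = p.use + len + 1;
    }
    memcpy(p.content + p.use, data, len);
    p.use += len;
    p.content[p.use] = '\0';
    memcpy(pub, &p, sizeof p);
    return 0;
}

/* Read accessor, so callers never touch the fields directly. */
const char *demo_buf_str(const struct demo_buf *pub)
{
    struct demo_buf_priv p;
    memcpy(&p, pub, sizeof p);
    return p.content ? p.content : "";
}
```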