[zeromq-dev] Questions about Coding Style
john skaller
skaller at users.sourceforge.net
Sat Feb 11 10:51:01 CET 2012
On 11/02/2012, at 8:27 PM, niXman wrote:
>
> Continuing review of the libzmq code, I have found a few situations
> when the program will crash on a segmentation fault.
It's impossible to avoid this in C.
> I consider that a program crashing on a segmentation fault is an
> inadmissible error of the ØMQ developers', but not the library user's.
No. The right thing is: the library is only responsible if the
pre-conditions of the function call are met. If the pre-conditions
of the call are not met, all bets are off.
> For example the call:
>> rc = zmq_setsockopt (sub, ZMQ_SUBSCRIBE, 0, 4);
> will end on segmentation fault on line 56 of the sub.cpp file.
The user, not the library, is responsible for sending correct
arguments to functions.

I assume here, the problem is that a blob was expected, i.e. a pointer
to a char array, length 4, but a NULL pointer got sent instead.
That's the user's fault. The library might check the pointer is not
NULL, but that's not enough. The pointer may be non-null
and point off the end of an array: you'll get a segfault.

libzmq does some really weird things to try to check sockets,
etc, are valid things, to compensate for the stupidity of C.
But they're only statistical helps. Sometimes it will catch
a bad pointer. Sometimes it will segfault.

It's actually not clear to me it is worth cluttering up the code
with such sanity checks. We hope instead no one is actually
using the C binding of 0MQ, other than bindings into saner languages.
--
john skaller
skaller at users.sourceforge.net
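
The precondition argument in the message above, as an added example that is not part of the original post and is not libzmq's code: a setter that rejects the violations it can see (a NULL blob with a non-zero length, a closed or NULL handle) and trusts the caller for the rest. Every name, tag value and errno choice here is a hypothetical constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All names and tag values are hypothetical, constructed for this example. */
#define DEMO_TAG_LIVE 0x5a4d5131u
#define DEMO_TAG_DEAD 0x44454144u

typedef struct {
    uint32_t tag;               /* set on open, overwritten on close */
    unsigned char filter[64];
    size_t filter_len;
} demo_socket;

void demo_open(demo_socket *s)  { memset(s, 0, sizeof *s); s->tag = DEMO_TAG_LIVE; }
void demo_close(demo_socket *s) { s->tag = DEMO_TAG_DEAD; }

/* Returns 0 on success, or -1 with errno set when a violation is detectable. */
int demo_subscribe(demo_socket *s, const void *optval, size_t optvallen)
{
    /* Tag check: catches NULL and closed handles. It still reads s->tag, so a
       wild pointer can fault right here, or pass if the bytes happen to match. */
    if (s == NULL || s->tag != DEMO_TAG_LIVE) { errno = ENOTSOCK; return -1; }
    /* NULL with a non-zero length is the one bad-blob case visible to the callee. */
    if (optval == NULL && optvallen != 0) { errno = EFAULT; return -1; }
    if (optvallen > sizeof s->filter) { errno = EINVAL; return -1; }
    /* A non-NULL optval shorter than optvallen cannot be detected: this memcpy
       simply trusts the caller's precondition. */
    if (optvallen != 0)
        memcpy(s->filter, optval, optvallen);
    s->filter_len = optvallen;
    return 0;
}

int main(void)
{
    demo_socket s;
    demo_open(&s);
    printf("NULL blob, len 4: %d\n", demo_subscribe(&s, NULL, 4));
    printf("valid blob:       %d\n", demo_subscribe(&s, "abcd", 4));
    demo_close(&s);
    printf("closed handle:    %d\n", demo_subscribe(&s, "abcd", 4));
    return 0;
}
```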