diff options
author | Jeff King <peff@peff.net> | 2017-09-05 14:14:40 +0200 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2017-09-06 10:19:53 +0200 |
commit | f5b4dc7668b6c8d71432af9f9ddad6f7c62d284e (patch) | |
tree | 08d66b7424d42dca854320d7a7e508800820c9e7 /tempfile.h | |
parent | tempfile: prefer is_tempfile_active to bare access (diff) | |
download | git-f5b4dc7668b6c8d71432af9f9ddad6f7c62d284e.tar.xz git-f5b4dc7668b6c8d71432af9f9ddad6f7c62d284e.zip |
tempfile: handle NULL tempfile pointers gracefully
The tempfile functions all take pointers to tempfile
objects, but do not check whether the argument is NULL.
This isn't a big deal in practice, since the lifetime of any
tempfile object is defined to last for the whole program. So
even if we try to call delete_tempfile() on an
already-deleted tempfile, our "active" check will tell us
that it's a noop.
In preparation for transitioning to a new system that
loosens the "tempfile objects can never be freed" rule,
let's tighten up our active checks:
1. A NULL pointer is now defined as "inactive" (so it will
BUG for most functions, but works as a silent noop for
things like delete_tempfile).
2. Functions should always do the "active" check before
looking at any of the struct fields.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'tempfile.h')
-rw-r--r-- | tempfile.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tempfile.h b/tempfile.h index d854dcdd3e..d30663182d 100644 --- a/tempfile.h +++ b/tempfile.h @@ -211,7 +211,7 @@ extern FILE *fdopen_tempfile(struct tempfile *tempfile, const char *mode); static inline int is_tempfile_active(struct tempfile *tempfile) { - return tempfile->active; + return tempfile && tempfile->active; } /* |