diff options
author | Ralph Boehme <slow@samba.org> | 2015-10-20 12:01:22 +0200 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2015-10-20 20:22:22 +0200 |
commit | 6c81ecc795d729fc049d42b4df6deff520edd81a (patch) | |
tree | 133b5c0724986f0511a7d2f28e564207b0e0aaf7 /README.Coding | |
parent | 1dba49859348d01558d434bfa65734ff532b09c9 (diff) | |
download | samba-6c81ecc795d729fc049d42b4df6deff520edd81a.tar.gz |
README.Coding: initialize pointers
Pointers must be initialized to NULL.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'README.Coding')
-rw-r--r-- | README.Coding | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/README.Coding b/README.Coding index 52dca49bede..9073b77118a 100644 --- a/README.Coding +++ b/README.Coding @@ -320,6 +320,39 @@ Samba tries to avoid "typedef struct { .. } x_t;" so we do always try to use "struct x { .. };". We know there are still such typedefs in the code, but for new code, please don't do that anymore. +Initialize pointers +------------------- + +All pointer variables MUST be initialized to NULL. History has +demonstrated that uninitialized pointer variables have lead to various +bugs and security issues. + +Pointers MUST be initialized even if the assignment directly follows +the declaration, like pointer2 in the example below, because the +instructions sequence may change over time. + +Good Example: + + char *pointer1 = NULL; + char *pointer2 = NULL; + + pointer2 = some_func2(); + + ... + + pointer1 = some_func1(); + +Bad Example: + + char *pointer1; + char *pointer2; + + pointer2 = some_func2(); + + ... + + pointer1 = some_func1(); + Make use of helper variables ---------------------------- @@ -329,7 +362,7 @@ it's also easier to use the "step" command within gdb. Good Example: - char *name; + char *name = NULL; name = get_some_name(); if (name == NULL) { |