On 02/03/2016 00:43, Marvin Humphrey wrote:
> I guess I would describe it as low-risk rather than harmless. I can
> imagine some reasonable code paths that would trigger the error, but I
> can accept that they are somewhat esoteric.

Yes, thinking more about it, there's a risk when setters are used with
non-incremented return values. When working with non-incremented values, you
must never do anything that might lead to the returning object losing its
reference to the value. So the following is obviously wrong:

    // SomeClass_Get_Attr returns a non-incremented value.
    Obj *attr = SomeClass_Get_Attr(obj);
    SomeClass_Set_Attr(obj, other_attr);
    // You can't continue to use attr, because the call to
    // Set_Attr might have destroyed it.

But in the following case, it's not so obvious:

    Obj *attr = SomeClass_Get_Attr(obj);
    // Some harmless computations that might change attr
    // or not.
    SomeClass_Set_Attr(obj, attr);

Here the call to SomeClass_Set_Attr can cause a use-after-free if this setter
is written in the problematic style mentioned in CLOWNFISH-37.

Reviewing the Clownfish codebase to fix all the setters shouldn't take much
time. I'll simply go ahead and do it.

Nick
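Added example, not code from this thread or from Clownfish itself: a toy refcounted object that replays the second scenario above with a setter in the style assumed to be the CLOWNFISH-37 problem (DECREF the old value before INCREF of the new one) next to the reordered fix. Obj, INCREF, DECREF, SomeClass and the set_borrowed_attr harness are all constructed here, and DECREF tombstones the object instead of calling free() so the dangling use can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy refcounted object constructed for this example; not Clownfish's real Obj.
 * Instead of calling free(), DECREF marks the object as dead so the
 * use-after-free can be observed safely rather than corrupting the heap. */
typedef struct { int refcount; int freed; } Obj;

static Obj *Obj_new(void) { Obj *o = calloc(1, sizeof *o); o->refcount = 1; return o; }
static Obj *INCREF(Obj *o) { if (o) o->refcount++; return o; }   /* touches o even if dead */
static void DECREF(Obj *o) { if (o && --o->refcount == 0) o->freed = 1; }

typedef struct { Obj *attr; } SomeClass;

/* Returns a non-incremented (borrowed) reference, as in the mail. */
static Obj *SomeClass_Get_Attr(SomeClass *self) { return self->attr; }

/* Assumed CLOWNFISH-37 style: release the old value before retaining the new.
 * When new_attr is the object already stored and self holds its only
 * reference, DECREF frees it and the INCREF that follows uses freed memory. */
static void SomeClass_Set_Attr_bad(SomeClass *self, Obj *new_attr) {
    DECREF(self->attr);
    self->attr = INCREF(new_attr);
}

/* Hardened form: retain the incoming value first, then release the old one,
 * so passing back a borrowed reference never drops the count to zero. */
static void SomeClass_Set_Attr_good(SomeClass *self, Obj *new_attr) {
    Obj *old = self->attr;
    self->attr = INCREF(new_attr);
    DECREF(old);
}

/* Replays the mail's second scenario with the chosen setter.
 * Returns 1 if attr is still alive afterwards, 0 if it was freed under us. */
static int set_borrowed_attr(int use_fixed_setter) {
    SomeClass obj = { Obj_new() };            /* obj owns the only reference */
    Obj *attr = SomeClass_Get_Attr(&obj);     /* borrowed, not incremented */
    if (use_fixed_setter) SomeClass_Set_Attr_good(&obj, attr);
    else                  SomeClass_Set_Attr_bad(&obj, attr);
    int alive = !attr->freed;
    free(attr);                               /* tombstone design: real release here */
    return alive;
}

int main(void) {
    printf("problematic setter: attr alive = %d\n", set_borrowed_attr(0));  /* 0 */
    printf("fixed setter:       attr alive = %d\n", set_borrowed_attr(1));  /* 1 */
    return 0;
}
```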