On Thu, Mar 7, 2013 at 11:47 PM, Branko Čibej <[email protected]> wrote:
> Tend to agree but I'd restrict such checking to the APIs we consider
> "public" -- regardless of whether or not they're exposed in the public
> headers or not. Doing such checks in every layer is definitely overkill.

I'd like to agree but the way our APIs are layered and actually used is not conducive to this. Case in point...

> Furthermore, while your patch proposes checks on the FS vtable level, I
> believe servers are supposed to use the svn_repos APIs and it would
> therefore make sense to make those bullet-proof (svn_fs should only be
> used directly by the admin utilities).

Yes, the servers are supposed to be using svn_repos APIs. However, they end up needing to use svn_fs APIs because the repos layer provides an svn_fs_t and some of the features of the libsvn_fs layer are not provided via the repos layer. E.g., it's impossible to retrieve the text of a file with libsvn_repos. We could go through and figure out which bits of the various layers are used by the servers. But I'm not sure how much work that would actually be.

