On Fri, Nov 29, 2019 at 7:08 PM Tomas Mraz <tm...@redhat.com> wrote:

> The "always check for NULL pointers" approach does not avoid
> catastrophic errors in applications.
I didn't say it avoided all errors (nor did anyone else on the thread that I've read) - but it does avoid a whole class of errors.

And for that particular context there are many things you can do to mitigate it - and incorrect handling of EVP_CipherUpdate itself is very common - where error returns are completely ignored. We could reasonably define that it should wipe out the output buffer on any error condition - that would make the function safer in a whole pile of contexts.

However, that is talking about a different issue IMHO.

Tim.