On 11/26/25 15:34, Markus Armbruster wrote:
Suggested-by: Peter Maydell <[email protected]>
Signed-off-by: Markus Armbruster <[email protected]>
---
include/qapi/error.h | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/include/qapi/error.h b/include/qapi/error.h
index f3ce4a4a2d..fc018b4c59 100644
--- a/include/qapi/error.h
+++ b/include/qapi/error.h
@@ -437,6 +437,23 @@ Error *error_copy(const Error *err);
*/
void error_free(Error *err);
+/*
+ * Note: we intentionally do not enable g_autoptr(Error) with
+ * G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC(Error, error_free).
+ *
+ * Functions that report or propagate an error take ownership of the
+ * Error object. Explicit error_free() is needed when you handle an
+ * error in some other way. This is rare.
+ *
+ * g_autoptr(Error) would call error_free() automatically on return.
+ * To avoid a double-free, we'd have to manually clear the pointer
+ * every time we propagate or report.
+ *
+ * Thus, g_autoptr(Error) would make the rare case easier to get right
+ * (less prone to leaks), and the common case easier to get wrong
+ * (more prone to double-free).
+ */
+
/*
* Convenience function to assert that *@errp is set, then silently free it.
*/
Reviewed-by: Cédric Le Goater <[email protected]>
Thanks,
C.
