On Wed, Jan 28, 2009 at 11:52:18PM +0200, Damyan Ivanov wrote: > > However those functions can also return -1 on failure. This > > would then mean that other applications making use of this > > could wrongly check the return value. > > Since $dsa->verify(...) croaks in underlying OpenSSL call returns -1, > it seems to me that croaking in do_verify(...) is the right thing to > do. > > From what I understand, verify() and do_verify() only differ in what > they accept as parameters, otherwise the semantic is the same -- > verify a signature. > > Does in your opinion (1) patching do_verify() to croak if underlaying > library call returns -1, (2) documenting the fact that both verify() > and do_verify() may croak and (3) sending the patch upstream, would > fix the bug?
I have no idea what croak does exactly, but if it's some mechanisme to report error conditions, like a throw in C++, it might be a good way of doing it. But then I have to wonder why croak isn't called in case of a 0 return value. Both 0 and -1 are error cases. And most applications don't care if 0 or -1 was returned. Kurt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
