> -----Original Message-----
> From: ffmpeg-devel <ffmpeg-devel-boun...@ffmpeg.org> On Behalf Of Rémi
> Denis-Courmont
> Sent: Donnerstag, 24. April 2025 20:34
> To: ffmpeg-devel@ffmpeg.org
> Subject: Re: [FFmpeg-devel] [RFC] Shaping the AVTextFormat API Surface
>
> Le tiistaina 22. huhtikuuta 2025, 7.20.26 Itä-Euroopan kesäaika
> softworkz . a
> écrit :
> > Hi Stefano, Andreas, Nicolas
> > and of course, anybody who's interested in the AVTextFormat APIs,
> >
> >
> > let me start by saying that I have no intention to rush the
> > publicization of those APIs. I think there's still a way to go.
> > But it's also true that when you don't have a clear understanding
> > of where you actually want to go, you'll hardly arrive there.
> >
> > At the implementation level, I sensed that "you" ("FFmpeg")
> > are following some principles which are somewhat contradictive to
> > those that I'm usually adhering to (e.g. "parameter validation
> > being a responsibility of the call site, crashing otherwise
> > being acceptable"). Nonetheless, I'm the one who has to adapt,
> > and I'm not going to question that.
>
> How do you validate parameters in C in the first place? Pointers are
> so
> pervasive (in general, as in FFmpeg), and essentially impossible to
> validate.
> How do you prevent crashing on invalid pointers?
>
> I feel that what you think you are usually doing is not what you think
> that
> you are actually usually doing.
>
> It makes sense to validate inputs if you are on a trust boundary
> and/or
> deserialising data. But that's about the only cases (and it's
> debatable if
> those aren't even two sides of the same coin).
>
> --
Hello Rémi,
I'm not sure what you feel about what I would be thinking I would be
usually doing, but that's quite pointless anyway.
To be clear: I'm not intending to enter a discussion about fundamentals,
just very simple:
Tell me what I should check for and what not in those four groups of
functions and for those things which should be checked, tell me which
way (return error, return silently, allow segfault or use an assertion).
Then I'll apply that to all those functions in a uniform and consistent
way without even arguing and the case is closed.
I just don't want to leave it alone like now without clear patterns,
that's all 😊
Thanks,
sw
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
