Graeme Geldenhuys <graemeg.li...@gmail.com>: > 2009/11/19 "Vinzent Höfler" <jellyfish.softw...@gmx.net>: > > > > Why don't you create your own initialization routine together with the > > Because not all the code I maintain is my own. Some code, as in the > case of DCPCrypt gave stacks of hints which were all false positives.
I understand. > If I now go around changing all these pieces of code, it will make it > harder to backport my actual fixes to the upstream DCPCrypt code. Sure, especially with crypto code where proper initialization might even be the wrong thing: http://digitaloffense.net/tools/debian-openssl/ ;) > > the general "initialization equals setting it to zero" approach (which > > I personally refer to as "paranoia initialization" - in practice it > > A simple example where it is vital to initialize such structures. [...] Of course, you should (almost) never use uninitialized data. I didn't say that, did I? > So no, initializing data structures is nothing about "paranoia". It's > about knowing what the initial value is of a type or data structure > when it gets used. There's a fine line between "initializing data before first use" and "initializing data when declared (or as close to the declaration as possible)". Most people do the latter when they encounter the rule "all data must be initialized before use", because it's easier, involuntarily introducing bugs. Initialized data is no good when it still contains the wrong value. And to give a rather extreme (reconstructed real-world) example of what I meant, doing -- 8< -- var i : Integer; // Loop counter begin i := 0; for i := 1 to ... end; -- 8< -- really *is* pure paranoia. Vinzent. -- Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla Firefox 3.5 - sicherer, schneller und einfacher! http://portal.gmx.net/de/go/atbrowser _______________________________________________ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-pascal