On Thu, Jun 25, 2015 at 4:55 PM, Johannes Schlüter <johan...@schlueters.de> wrote:
> On Thu, 2015-06-25 at 14:52 +0200, Nikita Popov wrote:
> > However what it doesn't do, and what I wouldn't consider feasible to do, is
> > ensure that every single string conversion in library functions is
> > exception safe. Personally I don't think this is a blocking issue, as the
> > worst that can happen is usually an additional superfluous warning to be
> > thrown, or something similar. If cases like this turn up, we can
> > specifically target them.
>
> I don't agree with the assessment that this isn't a problem. Consider this
> extension pseudo-code:
>
>     zval *data = get_data();
>     convert_to_string(data);
>     store_into_database(Z_STRVAL_P(data));
>     return TRUE;
>
> This will store wrong data in the database and report to the user that
> there was an error before storing, so the user assumes nothing was
> stored.
>

We have hundreds of such cases :(

> The only way we can do that imo is by bailing out if an exception is
> thrown and introducing yet another set of string conversion functions
> for marking exception safe uses. (i.e. convert_to_string_throwing())
>

This may lead to memory and resource leaks.
In general, we may throw exceptions, only from "safe" places, but this is going to make a mesh.

Thanks. Dmitry.

> johannes
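
Added example (not part of the thread and not PHP's own code): a small C model of the pattern in the quoted pseudo-code, next to a form that checks for a pending exception before the side effect and still frees the converted string when it bails out. `value`, `to_string`, `exception_pending` and the other names are hypothetical stand-ins; the Zend API is not used here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins, NOT the Zend API: a value whose string
 * conversion can fail and leave an exception pending. */
typedef struct { int convertible; const char *text; char *str; } value;
static int exception_pending;  /* models "an exception was thrown" */
static char stored[64];        /* models the database row */
static int store_calls;        /* how often the side effect ran */

static void reset_state(void) { exception_pending = 0; stored[0] = '\0'; store_calls = 0; }

/* On failure: flags the exception and still hands back a placeholder string. */
static void to_string(value *v) {
    const char *src = v->convertible ? v->text : "";
    if (!v->convertible) exception_pending = 1;
    v->str = malloc(strlen(src) + 1);
    if (!v->str) abort();
    strcpy(v->str, src);
}

static void store_into_database(const char *s) {
    snprintf(stored, sizeof stored, "%s", s);
    store_calls++;
}

/* Pattern from the thread: the store runs despite the pending exception. */
int save_unchecked(value *v) {
    to_string(v);
    store_into_database(v->str);
    free(v->str); v->str = NULL;
    return 1; /* TRUE */
}

/* Checked form: test the flag before the side effect; the converted
 * string is freed on both paths so bailing out does not leak it. */
int save_checked(value *v) {
    int ok = 0;
    to_string(v);
    if (!exception_pending) { store_into_database(v->str); ok = 1; }
    free(v->str); v->str = NULL;
    return ok;
}

int main(void) {
    value bad = { 0, "no string conversion", NULL };
    reset_state(); int r1 = save_unchecked(&bad);
    printf("unchecked: ret=%d stores=%d\n", r1, store_calls);
    reset_state(); int r2 = save_checked(&bad);
    printf("checked:   ret=%d stores=%d\n", r2, store_calls);
    return 0;
}
```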