On Fri, Apr 24, 2026 at 15:07 +0200, Alejandro Colomar via Mutt-dev wrote:
Here's getrandom():
ssize_t getrandom(void *buf, size_t buflen, unsigned int flags);
The return value is either the number of bytes written into buf, or -1 on
error. On error, the global variable errno is set with an error code.
Hypothetically, I'd be happier with
int getrandom(void *buf, size_t buflen, size_t *n, unsigned int flags);
That complicates things. It requires writing more code, and also
complicates static analysis. Do you initialize 'n' before the call,
just in case? Should getrandom(2) assign to 'n' on failure? If yes,
what value?
Looks like it cannot return any data with EINTR or any other error, so
returned length *n would only be valid on success.
And in the case of integers, it's relatively okay. If you return
pointers, you certainly want to return NULL on error, instead of having
a ** parameter and an int return value for the error. ** pointers are
easier to misuse.
That function doesn't return any pointers. There's no **.
