On 07/13/12 21:11, Paolo Bonzini wrote: > Il 13/07/2012 19:30, Laszlo Ersek ha scritto: >>>>>> - if (errp == NULL) { >>>>>> + if (errp == NULL || *errp != NULL) { >>>> >>>> I think we should use assert() here. >>>> >>>> If the error is already set, that most probably indicates a bug in the >>>> caller, as >>>> it's the caller's responsibility to decide which error to return. >> I believe we had a good argument against this, but I can't precisely >> recall (or find) it now. Paolo, do you remember? Can you please both >> search your respective mailboxen for Message-ID >> <4fb21b71.7030...@redhat.com>? That's where we started to discuss this. >> >> I believe I saw some paths in the code that tripped on this leak, and >> generally keeping the first error seemed like a good idea. >> opts_end_struct() originally checked for any pre-existent error >> explicitly, but then the check was moved to the common code. > > The reason to do this for error_propagate was to allow this idiom: > > /* Always call end_struct if start_struct succeeded. */ > error_propagate(errp, err); > err = NULL; > visit_end_struct(v, &err); > error_propagate(errp, err);
Right! > I think doing it for error_set was just for symmetry and to avoid > introducing excessive complexity. Correct again. IIRC it was even yours truly who humbly suggested that. Thanks! Laszlo