On Thursday 07 January 2016 15:05:38 Niels Möller wrote:
> Tim Ruehsen tim.ruehsen@gmx.de writes:
>
>> But what's wrong with providing a larger buffer than needed?
>
> I don't think about it as the size of the provided buffer, but as the requested size of the digest (intended for the usecase of truncated digests). And it's not defined how to produce a 20-byte md5 digest. If
>
>     md5_digest(&md5, 20, digest);
>
> were allowed, what should it do? Write 16 bytes, and leave the remaining 4 bytes untouched?
You put the answer into my mouth... yes, that seems intuitive to me.
>> Some admins have their jobs due to 'stop-by-assertion' software - at least that is a good thing about assertions ;)
>
> I suspect that 'continue-with-silent-data-corruption' software would give them even more work...
Definitely. That's why I try to avoid either of them.
An assertion doesn't give the higher layers a chance to intervene. The process is being killed, eventually leaving corrupted data in persistent memory while all information to recover anything is gone with the killed process. Returning a proper error value at least gives the ones who care the chance to recover. I am working in the telephony area where recovering from faults is a basic design (even on protocol level). Also keep in mind that a single process may control hundreds of connections - a sudden stop may kill people (just calling the ambulance / police, maybe no chance to call again).
Regards
Tim
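The two contracts argued over above, written out as an added illustration (not code from Nettle or from either poster): `md5_digest` treats `length` as the requested, possibly truncated, digest size and reports an over-long request as a recoverable error instead of aborting; `md5_fill_buffer` is the hypothetical "larger buffer" variant that writes 16 bytes and leaves the rest untouched. Both names, and the use of `hashlib` in place of Nettle, are assumptions of this example.

```python
import hashlib

MD5_DIGEST_SIZE = 16  # bytes produced by MD5


class DigestLengthError(ValueError):
    """Caller asked for more digest bytes than the hash can produce.

    Raised instead of calling abort()/assert so that a long-running
    process (e.g. one multiplexing many connections) can log, drop the
    offending request and carry on, rather than dying with its state.
    """


def md5_digest(data: bytes, length: int) -> bytes:
    """Return the first `length` bytes of MD5(data).

    `length` is the requested digest size (truncated digests are a
    legitimate use), so 0 <= length <= MD5_DIGEST_SIZE is the contract.
    Anything larger has no defined meaning and is rejected up front.
    """
    if not 0 <= length <= MD5_DIGEST_SIZE:
        raise DigestLengthError(
            f"requested {length} bytes, MD5 produces {MD5_DIGEST_SIZE}"
        )
    return hashlib.md5(data).digest()[:length]


def md5_fill_buffer(data: bytes, buf: bytearray) -> int:
    """Hypothetical 'buffer size' contract: write min(len(buf), 16) bytes
    of MD5(data) into `buf`, leave any remaining bytes untouched, and
    return how many bytes were actually written.

    The return value is what lets a caller notice that a 20-byte buffer
    only received 16 meaningful bytes.
    """
    n = min(len(buf), MD5_DIGEST_SIZE)
    buf[:n] = hashlib.md5(data).digest()[:n]
    return n
```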