| ▲ | mort96 2 hours ago |
| Is that true though? Using defer, the code would be: if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
return err;
return err;
This has the exact same bug: the function exits with a successful return code as long as the SHA hash update succeeds, skipping further certificate validity checks. The fact that resource cleanup has been relegated to defer so that 'goto fail;' can be replaced with 'return err;' fixes nothing. |
|
| ▲ | anilakar 2 hours ago | parent [-] |
| It would have resulted in an uninitialized variable access warning, though. |
| |
| ▲ | uecker 2 hours ago | parent | next [-] | | I don't think so. The value is set in the assignment in the if statement even for the success path. With and without defer you nowadays get only a warning due to the misleading indentation: https://godbolt.org/z/3G4jzrTTr (updated) | |
| ▲ | mort96 2 hours ago | parent | prev [-] | | No it wouldn't. 'err' is declared and initialized at the start of the function. Even if it wasn't initialized at the start, it would've been initialized by some earlier fallible function call which is also written as 'if ((err = something()) != 0)' |
|
