Make sure all callers of LookupBlockIndex(...) check for nullptr before dereferencing (CBlockIndex*)#13969
Make sure all callers of LookupBlockIndex(...) check for nullptr before dereferencing (CBlockIndex*)#13969practicalswift wants to merge 1 commit intobitcoin:masterfrom
Conversation
Reviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
domob1812
left a comment
domob1812
left a comment
There was a problem hiding this comment.
A few nits, but otherwise utACK 5983a8d9eda7a3e53c4d9ec715f802d434ba7cf8.
There was a problem hiding this comment.
Nit: You could make this const CBlockIndex*.
There was a problem hiding this comment.
While you are here, you could make this const.
There was a problem hiding this comment.
This is a matter of taste, but I think that the more explicit pBestIndex != nullptr is more readable as to the intent. I'm not sure if there's a style rule for how to test pointers against null which goes against that, though.
practicalswift
force-pushed
the
LookupBlockIndex
branch
2 times, most recently
from
076ab14 to
1c02054
Compare
|
@domob1812 Thanks for reviewing. Feedback addressed. Please re-review :-) |
promag
left a comment
promag
left a comment
There was a problem hiding this comment.
This is a matter of taste, but I think that the more explicit pBestIndex != nullptr is more readable as to the intent
Not sure but I think the most frequent is assert(pointer) so I would go that way. If you feel otherwise then submit a PR to update developer notes first?
There was a problem hiding this comment.
Is this even possible? If so then it's new behaviour, should have a test, otherwise should be an assertion.
There was a problem hiding this comment.
Unrelated to this PR. Above you see that if vHeaders.push is called then pBestIndex = pindex was called. IMO this should be removed.
There was a problem hiding this comment.
You don't mean that the assertion should be removed? How do you mean "unrelated to this PR" in this context? :-)
There was a problem hiding this comment.
This is not an assertion of a LookupBlockIndex result, that's done in L3400.
There was a problem hiding this comment.
Is this even possible? If not, should be an assertion.
There was a problem hiding this comment.
Should be an assertion? How can it be nullptr since confirms > 0?
practicalswift
force-pushed
the
LookupBlockIndex
branch
3 times, most recently
from
a392e32 to
8dd6609
Compare
|
@promag Thanks for reviewing! Feedback addressed. Please re-review :-) |
promag
left a comment
promag
left a comment
There was a problem hiding this comment.
This PR only changes how the process terminates in case there is some bug. An early assertion makes sense when there are side effects until the dereferencing, which I believe is not the case here.
Also, see #13969 (review) above.
There was a problem hiding this comment.
@promag stopBlock is dereferenced a few lines down:
response.pushKV("stop_height", stopBlock->nHeight);
There was a problem hiding this comment.
And that's fine, if by any chance stopBlock is null then the process will terminate. In this simple code the assertion is pointless IMO.
|
@promag I'm not sure I follow. The assumption underlying your reasoning seems to be that the only difference between … … and … ... at runtime would be the line number at which the process terminates (given |
|
@practicalswift I said
|
|
@promag Ah, I think I misunderstood what you wrote. You're simply suggesting that the assertions should be made right before dereferencing and not earlier (assuming no side effects before dereferencing)? I misunderstood and thought that you meant that the only potential problem caused by null pointer dereferencing would be process termination :-) |
…re dereferencing (CBlockIndex*)
practicalswift
force-pushed
the
LookupBlockIndex
branch
from
8dd6609 to
75f360c
Compare
I mean that an assertion makes sense to prevent side effects before dereferencing. I also think that these particular assertions are not that relevant or useful. IMHO of course, and I'd wait for more reviews. |
ryanofsky
left a comment
ryanofsky
left a comment
There was a problem hiding this comment.
I don't think it would be a good idea to make this change without adding a style guideline about when it is actually recommended to assert that a pointer is not null before dereferencing.
Personally, I don't like these asserts because I think they are distracting and make the code verbose and awkward to read, but I guess the benefit of adding them would be to have error messages that make it easier to determine the causes of crashes when core dumps aren't available. Another benefit might be that if there was a guideline requiring asserts before pointer dereferences, it might encourage more uses of c++ references instead of pointers, which I think would be good.
Will add my code utACK 75f360c if other people want this change, but personally would like it better if the change was dropped or accompanied by a developer guideline.
@ryanofsky +1 |
5 participants
Make sure all callers of
LookupBlockIndex(...)check fornullptrbefore dereferencing (CBlockIndex*).