Several exported libbitcoinkernel C API functions currently rely on assertions for caller-provided runtime inputs, including transaction/block index accessors, script verification flags and input indexes, precomputed transaction data spent-output arrays, and block undo accessors.
The public header describes error reporting through return values and status out parameters. For external callers, invalid runtime input should fail closed with nullptr, 0, or a specific status rather than terminating the process through an assertion.
Examples of affected areas:
btck_transaction_get_output_at and btck_transaction_get_input_atbtck_script_pubkey_verifybtck_precomputed_transaction_data_createbtck_block_get_transaction_atbtck_block_spent_outputs_get_transaction_spent_outputs_atbtck_transaction_spent_outputs_get_coin_at
Expected behavior:
- Out-of-range accessor indexes return
nullptr.
- Unsupported script verification flag bits return
0 and set a status.
- Out-of-range script verification input indexes return
0 and set a status.
- Malformed spent-output arrays return
nullptr.
This would make the experimental C API more robust for external consumers while preserving the existing non-null handle preconditions.
Several exported libbitcoinkernel C API functions currently rely on assertions for caller-provided runtime inputs, including transaction/block index accessors, script verification flags and input indexes, precomputed transaction data spent-output arrays, and block undo accessors.
The public header describes error reporting through return values and status out parameters. For external callers, invalid runtime input should fail closed with
nullptr,0, or a specific status rather than terminating the process through an assertion.Examples of affected areas:
btck_transaction_get_output_atandbtck_transaction_get_input_atbtck_script_pubkey_verifybtck_precomputed_transaction_data_createbtck_block_get_transaction_atbtck_block_spent_outputs_get_transaction_spent_outputs_atbtck_transaction_spent_outputs_get_coin_atExpected behavior:
nullptr.0and set a status.0and set a status.nullptr.This would make the experimental C API more robust for external consumers while preserving the existing non-null handle preconditions.