Re: Missing checks when malloc returns NULL...

Michael Paquier <michael.paquier@gmail.com> writes:
> And with an actual patch things are better.

Working through this patch, it suddenly strikes me that we are going
about fixing the callers of simple_prompt the wrong way.  The existing
definition with returning a malloc'd string creates a hazard of malloc
failure, and it *also* creates a hazard of not remembering to free the
result.  Moreover, there are almost no callers that want a max result
longer than ~100 bytes.  Seems like it would be a whole lot easier all
around to make the caller supply the buffer, ie typical call would be
roughly
char    buf[100];
simple_prompt("Password: ", buf, sizeof(buf), false);

Callers that want to deal with a malloc'd buffer (all one of them, looks
like) can do it themselves, for basically only one more line than is
needed now.
        regards, tom lane