On 03/08/22 17:00, Richard W.M. Jones wrote:
> This patch is fine, thanks ...
> + it is taken as [default_prio], that is, 5000. If [prio] is smaller than 0
> + or greater than 9999, an Assert_failure is raised (the [prio] parameter
> + is not expected to depend on external data).
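Review bot: the parenthetical on the last two added lines, "(the [prio] parameter is not expected to depend on external data)", states an expectation without saying who has to uphold it. Suggest wording it as a caller obligation: [prio] must be a value fixed in the calling code, and any value derived from user input has to be range-checked and reported as an error by the caller before it is passed here, because an out-of-range value raises Assert_failure rather than an error the user can act on.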
> ... but I'm confused by what you meant by "is not expected to depend
> on external data"?
In general, no assert() condition should depend on user-controlled data;
assert() is for catching programming bugs. If user input can lead to the
falsification of a condition (invariant etc), then that needs to be
caught with a different tool -- throw a different exception, report an
error, etc. So the idea here is that the priority should never depend on
user input.
(For example: in case the priority parameter were exposed by
virt-customize's --firstboot* options in the future, then the assert()
would no longer be OK. A different kind of exception would be necessary.)
> Anyway, ACK
Thanks!
Laszlo
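
The distinction discussed in this message, as an added OCaml example that is not part of the original e-mail or of the project's code. Only `default_prio` and the 0..9999 range come from the quoted patch; `script_name`, `prio_of_user_string` and the `NNNN-name` output format are hypothetical.

```ocaml
(* Added illustration; not the project's code. *)
let default_prio = 5000

(* Internal API: [prio] is a constant chosen by the calling code, so an
   out-of-range value is a programming bug and assert is the right tool.
   Note that asserts can be compiled out with -noassert, which is one
   more reason they must never be the only check on external input. *)
let script_name ?(prio = default_prio) name =
  assert (prio >= 0 && prio <= 9999);
  Printf.sprintf "%04d-%s" prio name   (* hypothetical naming scheme *)

(* Trust boundary: the value arrives from a command line option or a
   configuration file. Validate it here and return an error the caller
   can report, so user input can never falsify the assert above. *)
let prio_of_user_string s =
  match int_of_string_opt s with
  | Some p when p >= 0 && p <= 9999 -> Ok p
  | Some p -> Error (Printf.sprintf "priority %d is outside 0..9999" p)
  | None -> Error (Printf.sprintf "priority %S is not an integer" s)

let () =
  (* Constructed sample inputs, as a user might type them. *)
  List.iter
    (fun s ->
      match prio_of_user_string s with
      | Ok prio -> print_endline (script_name ~prio "setup")
      | Error msg -> prerr_endline ("error: " ^ msg))
    [ "100"; "12345"; "-1"; "abc"; "" ];
  (* Programmer-chosen value: no validation step, the assert guards it. *)
  print_endline (script_name "default")
```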