If you've debugged the problem to the point where you know +5 will be sufficient, you should know enough to fix the bug that required it in the first place.

Or, at the very least, know enough about the problem to leave a comment that properly explains why you're unable to fix the bug.

It's not a bug. It's a public API and the buffer is an input from the caller. Nothing goes wrong if the buffer is smaller than it ought to be. The doc comment is just warning the caller they might need a larger buffer than they think they do.

I read the comment as saying there's another call which gives you a recommended buffer size, but the value returned isn't always sufficient. That sounds very much like a bug to me. It could be a tweet just doesn't give enough context to know what the real problem is.

>It could be a tweet just doesn't give enough context to know what the real problem is.

The comment you originally replied to has a direct link to the (commit that added the) code in question.

I disagree.

You can certainly fix known knowns, but you can't fix unknown unknowns. Sometimes its safer to simply apply a rule that you have confidence will work everywhere than fix that may introduce unsuspecting problems.

How do you get that confidence without tracking down the root cause?

I never said that you don't track down a root cause.

Once you identify a root cause, you can assess the scope. "allocate 5 bytes more than you need" is a pretty broad reaching fix. I'd be very hesitant to implement it without proper time to fix.

> Also, where's the unit test?

What would you think if the following were true for a fairly generalized problem:

- It is easy to prove a particular upper bound on memory requirements when calling a function.

- It is very difficult to know exactly what the memory requirements will be for particular input.

- No known input achieves the known upper bound.

Is it a problem if we allocate enough memory to satisfy the bound we can prove, and then don't have a unit test showing we can't do with less?

I'd be satisfied with that if I was a reviewer in the code review. I'd want that (and the proofs) explicitly mentioned in the comment, or at the very least in the commit message.

At first glance the example seems contrived to me. Assuming that the code is deterministic, wouldn't it be trivial to measure the memory requirement for a particular input?

There are a lot of potential inputs.

so why is 5 enough? could there be an input where the number needs to be 15? or 1005?

This doesn't make any sense as a response to my comment. We said that you know that 5 is sufficient, but not that it's necessary.

What were you trying to ask?

But surely it would be possible to measure the memory requirements for one of those potential inputs...

If that's all the case, then, where's the proof? It might be "easy to prove," but it's probably not an "I can prove this trivially, on the fly" type of task.

> What would you think if the following were true for a fairly generalized problem:

> - It is easy to prove a particular upper bound on memory requirements

That they should have included said proof in the source code (in a comment if the type system isn't expressive enough to run it).

Based on the original message that did + 64 and that this revised to + 5, it might be that a float64 can be serialized to at most 13 ASCII characters (not true in general but might be true of cjson's serializer; I didn't check). The original buffer would only have 8 bytes since that's the width of the f64, so 5 more bytes are needed.

”Might be” — that’s the point. Whoever feels comfortable pushing this code should be comfortable with explaining their rationale.

In this case, the unit test would serve as excellent documentation of how to trigger the bug this padding fixes.

It seems like the commit also slightly regressed the comment. Going from 'floating point value is printed', which at least gives a hint as to why, and replaced it with 'inaccuracies when reserving memory', which is useless for future developers.

My guess is this: they had an off by one error but didn't know it. When he allocated an extra 5 bytes, the problem went away. Instead of fixing the problem, they made an assumption as to why the extra bytes made the error go away.

The Pull Request is at https://github.com/DaveGamble/cJSON/pull/146