Best and safest API for a function which fills a buffer with variable-length data

api-designc

I have a function which receives a buffer and returns some data in the buffer. The data can be smaller than the buffer capacity.

Which is the best and safest API for this?

int fn(void *buffer, size_t buffer_len): the size of the data written to buffer is returned by the function. Downside: the return value must also have a way to indicate that some error occurred (in-band error indicator).
errno_t fn(void *buffer, size_t *buffer_len): in this case, buffer_len works both as input (the buffer capacity) and output (the data size). The function can return an error code. I think this is OK, but somewhat awkward.
errno_t fn(void *buffer, size_t *data_len, size_t buffer_len): like the previous, but with input/output separated in two arguments. Also returns error code, but is also awkward due to too many arguments.

(Any other options?)

Best Answer

I think the best API for such case is to create a buffer specification and deal with it, like:

struct sbuf {
  void *data;
  size_t size, pos, length;
};

// void if malloc() errors do abort(). int otherwise, to report error
void sbuf_alloc(sbuf *sb, size_t minsize);
void sbuf_free(sbuf *sb);

int /* or errno_t, whatever */ fn(sbuf *sb);

With such API, you'll avoid 1) long and cumbersome argument lists, 2) chance to mistake length for size and vice versa, and will gain instead understanding of object-like gist of your buffers.

Related Solutions

Which is better: for valid buffer length

sizeof(*test_buff) is computed at compile time and will evaluate to the size of a single element of test_buff. As test_buff is a buffer of char's, that element size is guaranteed to be 1. If I have to choose between the two options that you give, then only option 2 has useful behaviour.

On the other hand, if there comes a time that you need to change the size of your buffer, then you have to make that change in 3 (or 4 or 5) places and you have to look out for the places where the number 512 is used with a different meaning. For this reason, my preferred way of writing the code is like this:

#define BUFFER_SIZE 512
char *test_buff = (char *) malloc(BUFFER_SIZE); //allocate 512 bytes in heap memory.
bzero(test_buff, BUFFER_SIZE); //Reset buffer instead of Junk/garbage.
/* random code here to fill-in the buffer called "test_buff"...*/
...
/* Send data to another host/system [this doesn't matter though]
 * using buffer "test_buff".
 */
 sendto(sock_descriptor, test_buff /*buffer to send data*/, BUFFER_SIZE /* actual malloced size*/ ,...,...); // option-2a

If you want to send only the used portion of the buffer, you either need to keep explicitly track of that, or if your buffer only holds a single string, you can use strlen(test_buff)+1 (+1 to ensure the terminating '\0' is also transmitted).

C Coding Style – Functions Returning Strings, Good Practice?

The methods I've seen most are 2 and 3.

The user supplied buffer is actually quite simple to use:

char[128] buffer;
mytype_to_string(mt, buffer, 128);

Though most implementations will return the amount of buffer used.

Option 2 will be slower and is dangerous when using dynamically linked libraries where they may use different runtimes (and different heaps). So you can't free what has been malloced in another library. This then requires a free_string(char*) function to deal with it.

Best Answer

Related Solutions

Which is better: for valid buffer length

C Coding Style – Functions Returning Strings, Good Practice?

Related Topic