1. 27
  1.  

  2. 19

    The libcurl examples we host on the curl web site (and ship in curl tarballs) are mostly done without error checks

    Hopefully the lesson here is for the libcurl project that users will copy-paste anything. All the checks really need to be in the examples.

    1. 16

      This is extra ironic because immediately preceding this section is one about how people don’t read the docs! Then it goes and says that following the examples in the docs is wrong.

      1. 13

        MSDN used to omit error handling from their examples to simplify the code (and warned about this), until they realized that everyone was just pasting the examples into their code as-is, regardless of warnings.

      2. 6

        When doing a C++ project lately I was using the cpr library, which is a wrapper around libcurl, and it did the job done much easier than when using libcurl directly:

        https://docs.libcpr.org/

        1. 4

          This article is great. libcurl is so useful, full-featured, and ubiquitous. It has found its way into nearly every project I have worked on during my 25 year career in C++. Unfortunately I find that it is seldom used it a safe and completely error-free manner. The problem is that libcurl is so easy to integrate that people forget it is doing a hard, complex job and HTTP has many wrinkles.

          A couple of years ago I put together what I consider to be the minimal wrapper around libcurl in order to use it safely for its simplest “just download some bytes” use case - blog post or github

          1. 2

            Speaking of C++ and common libcurl mistakes, I found numerous cases of dangling c_str() refs in a codebase I deal with daily due to the behavior of POSTFIELDS. I usually just fix it with COPYPOSTFIELDS and call it a day.

            1. 2

              This sounds like such an obvious thing but we keep seeing this happen over and over again: users write code that uses libcurl functions but they don’t check the return codes.

              I have to wonder how many times Rust’s “must use” warnings have saved my butt. This is an easy thing to miss once in a while.

              For those who aren’t familiar with Rust, it will yell at you if you don’t do anything with the “Result” return type, which may indicate an error. It’s a warning, not an error, but still very helpful.

              1. 1

                gcc (and llvm, and…) has __attribute__((warn_unused_result)) for the same purpose.

                1. 2

                  Which are still helpful even on functions where you might want to use the result only say 95% of the time, since you can write a call like void someFunction(); to explicitly notify the compiler that you’re ignoring the result on purpose.