sink-input, source-output: add a couple of assertions

Coverity complained about data->sink being possibly NULL when it's
dereferenced later. It was difficult for me to figure out whether that
was a false positive or not. Hopefully the comments make it a bit
easier to reason about the code in the future.

CID: 1323591

diff --git a/src/pulsecore/sink-input.c b/src/pulsecore/sink-input.c
index 05fe2c0..f993322 100644 (file)
--- a/src/pulsecore/sink-input.c
+++ b/src/pulsecore/sink-input.c
@@ -338,6 +338,11 @@ int pa_sink_input_new(
         data->format = pa_format_info_copy(pa_idxset_first(data->nego_formats, NULL));
 
     if (PA_LIKELY(data->format)) {
+        /* We know that data->sink is set, because data->format has been set.
+         * data->format is set after a successful format negotiation, and that
+         * can't happen before data->sink has been set. */
+        pa_assert(data->sink);
+
         pa_log_debug("Negotiated format: %s", pa_format_info_snprint(fmt, sizeof(fmt), data->format));
     } else {
         pa_format_info *format;

diff --git a/src/pulsecore/source-output.c b/src/pulsecore/source-output.c
index f8a421a..f8f4e0e 100644 (file)
--- a/src/pulsecore/source-output.c
+++ b/src/pulsecore/source-output.c
@@ -280,6 +280,11 @@ int pa_source_output_new(
         data->format = pa_format_info_copy(pa_idxset_first(data->nego_formats, NULL));
 
     if (PA_LIKELY(data->format)) {
+        /* We know that data->source is set, because data->format has been set.
+         * data->format is set after a successful format negotiation, and that
+         * can't happen before data->source has been set. */
+        pa_assert(data->source);
+
         pa_log_debug("Negotiated format: %s", pa_format_info_snprint(fmt, sizeof(fmt), data->format));
     } else {
         pa_format_info *format;