timeout: Assert that the timeout interval is non-negative

We should never allocate a DBusTimeout with a negative timeout set:
if we want to wait forever for an event to happen, that's represented
by the absence of a DBusTimeout.

This ensures that code in DBusConnection can safely assume that the
timeout retrieved from a DBusTimeout will always be in its allowed range
(-1 to INT_MAX inclusive).

I've checked that all current callers get this right.

Signed-off-by: Simon McVittie <smcv@collabora.com>

diff --git a/dbus/dbus-timeout.c b/dbus/dbus-timeout.c
index 412420e4a54e1033fe29278a7141d5127f91c6c0..3da8750aac3e496440fd963b2886517fc803abe1 100644 (file)
--- a/dbus/dbus-timeout.c
+++ b/dbus/dbus-timeout.c
@@ -42,7 +42,7 @@
 struct DBusTimeout
 {
   int refcount;                                /**< Reference count */
-  int interval;                                /**< Timeout interval in milliseconds. */
+  int interval;                                /**< Timeout interval in milliseconds, always non-negative */
 
   DBusTimeoutHandler handler;                  /**< Timeout handler. */
   void *handler_data;                          /**< Timeout handler data. */
@@ -56,7 +56,7 @@ struct DBusTimeout
 
 /**
  * Creates a new DBusTimeout, enabled by default.
- * @param interval the timeout interval in milliseconds.
+ * @param interval the timeout interval in milliseconds, which must be non-negative
  * @param handler function to call when the timeout occurs.
  * @param data data to pass to the handler
  * @param free_data_function function to be called to free the data.
@@ -70,6 +70,8 @@ _dbus_timeout_new (int                 interval,
 {
   DBusTimeout *timeout;
 
+  _dbus_assert (interval >= 0);
+
   timeout = dbus_new0 (DBusTimeout, 1);
   if (timeout == NULL)
     return NULL;
@@ -134,7 +136,7 @@ _dbus_timeout_unref (DBusTimeout *timeout)
  * but it cannot be used in conjunction with an application main loop.
  *
  * @param timeout the timeout
- * @param interval the new interval
+ * @param interval the new interval, which must be non-negative
  */
 void
 _dbus_timeout_restart (DBusTimeout *timeout,
@@ -438,7 +440,7 @@ _dbus_timeout_restarted (DBusTimeout *timeout)
  * to notify you of the change.
  *
  * @param timeout the DBusTimeout object.
- * @returns the interval in milliseconds.
+ * @returns the interval in milliseconds, which is always non-negative
  */
 int
 dbus_timeout_get_interval (DBusTimeout *timeout)