threads: Assert that timeout is non-negative

As noted in dbus!524 by source code inspection, the Unix/pthread
implementation assumes that the timeout is non-negative and does not
support a mode where it blocks forever (which we normally represent as
a negative timeout, like POSIX poll(2)).

This means that it would be a programming error if we ever call
this with a negative timeout, so put an equivalent assertion in the
platform-independent layer. We recommend that assertions are disabled in
production builds, so it's "cheap" to have a redundant assertion here.

Signed-off-by: Simon McVittie <smcv@collabora.com>

diff --git a/dbus/dbus-threads.c b/dbus/dbus-threads.c
index b22cc0318f97c97a4bdf980d095043bb9ab47d78..5bcd84d0b1aeb10ab9f93d51b5241c5ce4efbebf 100644 (file)
--- a/dbus/dbus-threads.c
+++ b/dbus/dbus-threads.c
@@ -257,7 +257,7 @@ _dbus_condvar_wait (DBusCondVar *cond,
  *
  * @param cond the condition variable
  * @param mutex the mutex
- * @param timeout_milliseconds the maximum time to wait
+ * @param timeout_milliseconds the maximum time to wait, must be non-negative
  * @returns #FALSE if the timeout occurred, #TRUE if not
  */
 dbus_bool_t
@@ -265,6 +265,8 @@ _dbus_condvar_wait_timeout (DBusCondVar               *cond,
                             DBusCMutex                *mutex,
                             int                        timeout_milliseconds)
 {
+  _dbus_assert (timeout_milliseconds >= 0);
+
   if (cond == NULL || mutex == NULL)
     return TRUE;