Correct way return a string from a function [closed]

Question

I have a function that is given two integers and returns a string. Right now I have this:

char* myfunc( int a, int b, int* len )
{
    int retLen = ...
    char* ret = malloc( retLen + 1 );

    if ( len != NULL )
    {
        *len = retLen;
    }

    return ret;
}

However, most functions in the C library tend to do something more like:

int myfunc( char* ret, int a, int b )
{
    ...

    return retLen;
}

You are then expected to allocate the memory for the function to fill. This allows you to do a bit more like choose where the string is allocated.

In this case though there is some maths required in the function to get the length, and there is no reason to have a buffer of any size other than the one needed. There is no upper limit on the size of the buffer (not one that is reasonable anyway).

What is considered good practice when returning a string whose length is dynamically found given the inputs?

Answer 1

A pattern I saw in kernel-mode programs is:

1. You call the function once, with some allocated memory if you happen to have some available, or null as param if you happen to have none
2. If you had memory allocated and the function found it enough it puts the result in that memory and returns OK
3. If you had no memory to pass in, or the memory passed was too little, the function returns ERROR_NOT_ENOUGH_MEMORY, and puts in an output parameter the needed memory.
   • You then allocate this needed memory and call the function again

Sample:

int myfunc(
    __out char*  output, 
    __in  size_t given, 
    __out size_t needed_or_resulted, 
    extra params ...
){
    ... implementation
}

The needed_or_resulted can be also used to transmit how much of the given memory was used in case of success.

To be used like:

int result = myfunc(output, given, needed_or_resulted, extra params ...);
if(result == OK) {
    // all ok, do what you need done with result of size "needed_or_resulted" on "output"
} else if(result == ERROR_NOT_ENOUGH_MEMORY) {
    output = malloc(needed ...
    result = myfunc(output, given, needed_or_resulted, extra params ...);
    if(result == OK) {
        // all ok, do what you need done with result of size "needed_or_resulted" on "output"
    } else if(result == ERROR_OTHER) {
        // handle other possible errors
    } else {
        // handle unknown error
    }
} else if(result == ERROR_OTHER) {
    // handle other possible errors
} else {
    // handle unknown error
}

Answer 2

The latter is better because it clues in the caller about who is responsible for freeing the memory. The former causes big problems if the caller and callee use different malloc implementations (e.g. on Windows, debug and release often use incompatible memory models).