[jefftk]

You have "free(buf_2); // Safe if null", but if CHECK(buf_1) turns into a "goto error", won't buf_2 be uninitialized? And so can take on any value?

[davidwf]

You are correct, will edit. C is hard, writing C in the browser sans coffee is harder. :-)

[jefftk]

I do think this illustrates one of the issues with goto: normally the compiler would be able to warn that you were using buf2 potentially uninitialized, but I think you wouldn't get a warning in this case.

[Jtsummers]

One of the examples in the linked article showed the compiler emitting a warning when a variable wasn't initialized because the goto skipped past that line, it's in 31.7. I don't know what compilers will or will not give you that warning, but at least the one used for the article does. So it ought to catch the problem with the initial version of the example above as well.

[lilyball]

The Clang Static Analyzer could probably find this, if the compiler itself doesn't notice.