The existing method signatures return owned raw pointers. This makes it easy for callers to leak said pointers, especially on error.