From: Gerd Hoffmann
Subject: Re: [Qemu-devel] [PATCH] use qemu_malloc and friends consistently
Date: Fri, 29 May 2009 20:41:53 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1b3pre) Gecko/20090513 Fedora/3.0-2.3.beta2.fc11 Lightning/1.0pre Thunderbird/3.0b2
On 05/29/09 19:17, Julian Seward wrote:
> On Friday 29 May 2009, Paul Brook wrote:
>> The best way to find broken code is to have qemu_malloc(0) abort, and avoid ever trying to allocate a zero size block.
>
> +1 for that. Code that relies on malloc(0) doing any specific thing is basically bad news when it comes to portability, robustness and understandability.
> The *only* thing you can rely on is that the value returned by malloc(0) can be passed to free() without trouble.
Code like this ...

    buf = malloc(len);
    for (i = 0; i < len; i++)
        do_something_with(buf[i]);
    free(buf);

... works perfectly fine for len=0, no matter how malloc(0) is actually implemented because buf is never ever dereferenced then.
With the current qemu_malloc() implementation it will abort instead and you'll have to add extra code to make len=0 a special case for IMO no good reason.
> Better to have qemu_malloc(0) abort, put up with a couple of days of the trunk aborting, until these uses are fixed.
Oh, such cases could very well be outside the common code paths, so it doesn't explode instantly for everybody. They'll be time bombs instead.
cheers, Gerd
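Both sides of the argument in runnable form, as an added C example that is not part of the thread or of QEMU's source: strict_malloc models an allocator that aborts on size 0 (an assumed shape, not qemu_malloc's actual code), process_plain is the loop from the message on top of plain malloc with the NULL check written so a NULL from malloc(0) is not mistaken for an allocation failure, and process_strict shows the special case the aborting wrapper forces on the caller.

```c
#include <stdlib.h>

/* Aborting wrapper, modelling the qemu_malloc(0) behaviour discussed in
 * the thread (assumed shape, not QEMU's actual source). */
static void *strict_malloc(size_t size)
{
    if (size == 0)
        abort();
    return malloc(size);
}

/* The pattern from the message on top of plain malloc: len == 0 needs no
 * special case because the loop body never dereferences buf. The NULL
 * check is written so that a NULL from malloc(0), which some platforms
 * return, is not reported as out-of-memory. Returns the number of bytes
 * touched, or -1 on a real allocation failure. */
int process_plain(size_t len)
{
    unsigned char *buf = malloc(len);
    size_t i;

    if (buf == NULL && len != 0)
        return -1;
    for (i = 0; i < len; i++)
        buf[i] = (unsigned char)i;
    free(buf);            /* valid for NULL and for any malloc(0) result */
    return (int)len;
}

/* Same pattern on top of the aborting wrapper: the caller must now check
 * for len == 0 up front, otherwise the allocator aborts. */
int process_strict(size_t len)
{
    unsigned char *buf;
    size_t i;

    if (len == 0)
        return 0;          /* the extra special-case code the message refers to */
    buf = strict_malloc(len);
    if (buf == NULL)
        return -1;
    for (i = 0; i < len; i++)
        buf[i] = (unsigned char)i;
    free(buf);
    return (int)len;
}
```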