[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v15 23/23] qapi: Change visit_type_FOO() to no l

From: Markus Armbruster
Subject: Re: [Qemu-devel] [PATCH v15 23/23] qapi: Change visit_type_FOO() to no longer return partial objects
Date: Thu, 28 Apr 2016 19:42:16 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

Eric Blake <address@hidden> writes:

> Returning a partial object on error is an invitation for a careless
> caller to leak memory.  We already fixed things in an earlier
> patch to guarantee NULL if visit_start fails ("qapi: Guarantee
> NULL obj on input visitor callback error"), but that does not
> help the case where visit_start succeeds but some other failure
> happens before visit_end, such that we leak a partially constructed
> object outside visit_type_FOO(). As no one outside the testsuite
> was actually relying on these semantics, it is cleaner to just
> document and guarantee that ALL pointer-based visit_type_FOO()
> functions always leave a safe value in *obj during an input visitor
> (either the new object on success, or NULL if an error is
> encountered), so callers can now unconditionally use
> qapi_free_FOO() to clean up regardless of whether an error occurred.
> The decision is done by adding visit_is_input(), then updating the
> generated code to check if additional cleanup is needed based on
> the type of visitor in use.
> Note that we still leave *obj unchanged after a scalar-based
> visit_type_FOO(); I did not feel like auditing all uses of
> visit_type_Enum() to see if the callers would tolerate a specific
> sentinel value (not to mention having to decide whether it would
> be better to use 0 or ENUM__MAX as that sentinel).
> Signed-off-by: Eric Blake <address@hidden>
> diff --git a/qapi/qapi-visit-core.c b/qapi/qapi-visit-core.c
> index e6d57f3..b30a22e 100644
> --- a/qapi/qapi-visit-core.c
> +++ b/qapi/qapi-visit-core.c
> @@ -48,6 +48,7 @@ void visit_end_struct(Visitor *v)
>      v->end_struct(v);
>  }
> +
>  void visit_start_list(Visitor *v, const char *name, GenericList **list,
>                        size_t size, Error **errp)
>  {

Spurious hunk.  Can drop on commit.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]