[PATCH] Pointer should be checked before use

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] Pointer should be checked before use
@ 2008-01-09  4:20 Yang, Xiaowei
  2008-01-09  8:38 ` Keir Fraser
  2008-01-09 10:09 ` Ian Jackson
  0 siblings, 2 replies; 6+ messages in thread
From: Yang, Xiaowei @ 2008-01-09  4:20 UTC (permalink / raw)
  To: xen-devel

Signed-off-by: Xiaowei Yang <xiaowei.yang@intel.com>

diff -r c70d47b78f65 -r 89710484b825 tools/libxc/xc_linux.c
--- a/tools/libxc/xc_linux.c    Tue Jan 08 02:30:24 2008 +0800
+++ b/tools/libxc/xc_linux.c    Tue Jan 08 05:37:23 2008 +0800
@@ -472,7 +472,10 @@ void *xc_gnttab_map_grant_refs(int xcg_h
     struct ioctl_gntdev_map_grant_ref *map;
     void *addr = NULL;
     int i;
-
+
+    if ( domids == NULL || refs == NULL )
+        return NULL;
+
     map = malloc(sizeof(*map) +
                  (count-1) * sizeof(struct
ioctl_gntdev_map_grant_ref));
     if ( map == NULL )

Regards, 
Xiaowei 

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] Pointer should be checked before use
  2008-01-09  4:20 [PATCH] Pointer should be checked before use Yang, Xiaowei
@ 2008-01-09  8:38 ` Keir Fraser
  2008-01-09 10:09 ` Ian Jackson
  1 sibling, 0 replies; 6+ messages in thread
From: Keir Fraser @ 2008-01-09  8:38 UTC (permalink / raw)
  To: Yang, Xiaowei, xen-devel

Perhaps the caller should not pass NULL pointers?

 -- Keir

On 9/1/08 04:20, "Yang, Xiaowei" <xiaowei.yang@intel.com> wrote:

> Signed-off-by: Xiaowei Yang <xiaowei.yang@intel.com>
> 
> diff -r c70d47b78f65 -r 89710484b825 tools/libxc/xc_linux.c
> --- a/tools/libxc/xc_linux.c    Tue Jan 08 02:30:24 2008 +0800
> +++ b/tools/libxc/xc_linux.c    Tue Jan 08 05:37:23 2008 +0800
> @@ -472,7 +472,10 @@ void *xc_gnttab_map_grant_refs(int xcg_h
>      struct ioctl_gntdev_map_grant_ref *map;
>      void *addr = NULL;
>      int i;
> -
> +
> +    if ( domids == NULL || refs == NULL )
> +        return NULL;
> +
>      map = malloc(sizeof(*map) +
>                   (count-1) * sizeof(struct
> ioctl_gntdev_map_grant_ref));
>      if ( map == NULL )
> 
> Regards, 
> Xiaowei 
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] Pointer should be checked before use
  2008-01-09  4:20 [PATCH] Pointer should be checked before use Yang, Xiaowei
  2008-01-09  8:38 ` Keir Fraser
@ 2008-01-09 10:09 ` Ian Jackson
  2008-01-09 14:37   ` Yang, Xiaowei
  1 sibling, 1 reply; 6+ messages in thread
From: Ian Jackson @ 2008-01-09 10:09 UTC (permalink / raw)
  To: Yang, Xiaowei, Keir Fraser; +Cc: xen-devel

Yang, Xiaowei writes ("[Xen-devel] [PATCH] Pointer should be checked before use"):
> +    if ( domids == NULL || refs == NULL )
> +        return NULL;

Callers should not pass null pointers.  If they do it is better for
the program to explode sooner than later; that makes tracking the
fault much easier.

So this kind of check, turning incoming null pointers into error
returns, is a bad idea.

Ian.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* RE: [PATCH] Pointer should be checked before use
  2008-01-09 10:09 ` Ian Jackson
@ 2008-01-09 14:37   ` Yang, Xiaowei
  2008-01-09 15:26     ` Ian Jackson
  0 siblings, 1 reply; 6+ messages in thread
From: Yang, Xiaowei @ 2008-01-09 14:37 UTC (permalink / raw)
  To: Ian Jackson, Keir Fraser; +Cc: xen-devel

>Callers should not pass null pointers.  If they do it is better for
>the program to explode sooner than later; that makes tracking the
>fault much easier.
>
>So this kind of check, turning incoming null pointers into error
>returns, is a bad idea.
>

That may be better for debug tracking to let the caller process
segfault:). However, IMO as a function it's almost always a good
practice to check the parameters' validation before using it. Returning
an error if the caller passes invalid arguments is a more normal
behavior than directly letting the process be killed due to no argument
check. It may be too strict.

Regards,
Xiaowei

^ permalink raw reply	[flat|nested] 6+ messages in thread

* RE: [PATCH] Pointer should be checked before use
  2008-01-09 14:37   ` Yang, Xiaowei
@ 2008-01-09 15:26     ` Ian Jackson
  2008-01-09 15:36       ` Samuel Thibault
  0 siblings, 1 reply; 6+ messages in thread
From: Ian Jackson @ 2008-01-09 15:26 UTC (permalink / raw)
  To: Yang, Xiaowei; +Cc: xen-devel

Yang, Xiaowei writes ("RE: [Xen-devel] [PATCH] Pointer should be checked before use"):
> That may be better for debug tracking to let the caller process
> segfault:). However, IMO as a function it's almost always a good
> practice to check the parameters' validation before using it. Returning
> an error if the caller passes invalid arguments is a more normal
> behavior than directly letting the process be killed due to no argument
> check. It may be too strict.

I disagree most strongly.  In C, anyone calling a function must
conform to its interface to avoid programs crashing (or even doing
worse things).

Turning null pointers on input, where they are not permitted, to null
pointers on output or to error codes, just postpones the problem -
after all the caller is probably expecting a null pointer back.  So
the program is going to crash or malfunction anyway.

Even disregarding the fact that debugging the problem is much easier
if the crash happens right away, it is far better to kill it sooner
before it does any damage.

(Typically people who write code which checks for error returns also
avoid passing bogus arguments in the first place.)

Ian.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] Pointer should be checked before use
  2008-01-09 15:26     ` Ian Jackson
@ 2008-01-09 15:36       ` Samuel Thibault
  0 siblings, 0 replies; 6+ messages in thread
From: Samuel Thibault @ 2008-01-09 15:36 UTC (permalink / raw)
  To: Ian Jackson; +Cc: xen-devel, Yang, Xiaowei

Ian Jackson, le Wed 09 Jan 2008 15:26:04 +0000, a écrit :
> (Typically people who write code which checks for error returns also
> avoid passing bogus arguments in the first place.)

And typically people who pass bogus arguments don't bother checking for
errors that functions may return :)

Samuel

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2008-01-09 15:36 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-01-09  4:20 [PATCH] Pointer should be checked before use Yang, Xiaowei
2008-01-09  8:38 ` Keir Fraser
2008-01-09 10:09 ` Ian Jackson
2008-01-09 14:37   ` Yang, Xiaowei
2008-01-09 15:26     ` Ian Jackson
2008-01-09 15:36       ` Samuel Thibault

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.