Re: [PATCH] libxl: handle null lists in libxl_string_list_length

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
To: Matthew Daley <mattjd@gmail.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
	Ian Campbell <Ian.Campbell@citrix.com>,
	"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: [PATCH] libxl: handle null lists in libxl_string_list_length
Date: Fri, 27 Sep 2013 09:28:17 -0400	[thread overview]
Message-ID: <524587F1.6050406@oracle.com> (raw)
In-Reply-To: <CA+nUz_JnkZorb_cTnSwBaiRuNG8gOiYMHTc-hvsJC48DCadtzw@mail.gmail.com>

On 09/27/2013 09:14 AM, Matthew Daley wrote:
> On Sat, Sep 28, 2013 at 12:28 AM, Ian Campbell <Ian.Campbell@citrix.com> wrote:
>> On Sat, 2013-09-28 at 00:20 +1200, Matthew Daley wrote:
>>> On Sat, Sep 28, 2013 at 12:08 AM, Boris Ostrovsky
>>> <boris.ostrovsky@oracle.com> wrote:
>>>> ----- mattjd@gmail.com wrote:
>>>>
>>>>> After commit b0be2b12 ("libxl: fix libxl_string_list_length and its
>>>>> only
>>>>> caller") libxl_string_list_length no longer handles null (empty)
>>>>> lists. Fix
>>>>> so they are handled, returning length 0.
>>>>>
>>>>> While at it, remove the unneccessary undereferenced null pointer
>>>>> check
>>>> Are you sure this check should be removed? This routine can be called
>>>> from anywhere (at least within libxl it seems) and one day someone will
>>>> call it with NULL argument.
>>>>
>>>> I'd probably leave this check in.
>>> I would argue that any such invocation would be an error by the caller
>>> and should fail noisily, similar to how passing NULL into strlen
>>> should not return 0. libxl_{string,key_value}_list_dispose similarly
>>> assumes non-NULL pointers, FWIW.
>>>
>>> Ian C., do you have an opinion either way?
>> I think a zero length list is a bit different to a NULL string and
>> should return 0.
> Perhaps it was a bad analogy, but passing NULL to this function isn't
> giving it an empty list, it's giving it no (NULL!) list. We don't
> check for null pointers everywhere else non-optional pointers are
> passed (at least, we shouldn't be, IMO...)

What if someone assigns 'libxl_string_list *psl = NULL' if, say,
main()'s argc is 1 (i.e. there is no argument list) and then, later, calls
libxl_string_list_length(psl) to find out whether something needs
to be allocated for the list. Isn't getting a zero back an expected
answer?

(I am afraid we are approaching rathole territory here.)

-boris

>
>> But libxl_string_list is already char** so this function is taking
>> char***. The check for char *** == NULL, which is being removed, appears
>> to be unnecessary. A zero length list would be char ** == NULL, which
>> should be handled (and is I think?). char * == NULL would be a "" entry
>> in the string list.
> This was my intention in this patch; only the char *** == NULL check
> is removed, and the char ** == NULL for empty lists is handled by the
> newly added if condition.
>
> But char * == NULL doesn't mean an "" entry, doesn't it instead mark
> the end of the list (see xlu_cfg_get_list_as_string_list for example)?
> This is currently being checked for in the while loop condition. To
> continue using your notation, instead char == NULL is an empty string
> value in the list.
>
>> Confused? I know I am ;-)
> :)
>
> - Matthew
>
>> Ian.
>>

next prev parent reply	other threads:[~2013-09-27 13:28 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-09-27 12:08 [PATCH] libxl: handle null lists in libxl_string_list_length Boris Ostrovsky
2013-09-27 12:20 ` Matthew Daley
2013-09-27 12:23   ` Andrew Cooper
2013-09-27 12:28   ` Ian Campbell
2013-09-27 13:14     ` Matthew Daley
2013-09-27 13:28       ` Boris Ostrovsky [this message]
2013-09-27 14:15         ` Ian Campbell
  -- strict thread matches above, loose matches on Subject: below --
2013-09-27 11:29 Matthew Daley
2013-10-03 13:42 ` Ian Campbell

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=524587F1.6050406@oracle.com \
    --to=boris.ostrovsky@oracle.com \
    --cc=Ian.Campbell@citrix.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=mattjd@gmail.com \
    --cc=xen-devel@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.