From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1M6B9I-00023N-Qj
	for qemu-devel@nongnu.org; Mon, 18 May 2009 18:17:32 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1M6B9D-00022u-8w
	for qemu-devel@nongnu.org; Mon, 18 May 2009 18:17:31 -0400
Received: from [199.232.76.173] (port=52976 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1M6B9D-00022r-23
	for qemu-devel@nongnu.org; Mon, 18 May 2009 18:17:27 -0400
Received: from mx2.redhat.com ([66.187.237.31]:34411)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <ehabkost@redhat.com>) id 1M6B9C-0005Ur-KZ
	for qemu-devel@nongnu.org; Mon, 18 May 2009 18:17:26 -0400
Date: Mon, 18 May 2009 19:17:05 -0300
From: Eduardo Habkost <ehabkost@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] fix qemu_malloc() error check for size==0
Message-ID: <20090518221705.GO2079@blackpad>
References: <1242678676-19439-1-git-send-email-ehabkost@redhat.com>
	<Pine.LNX.4.64.0905190148200.3344@linmac.oyster.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.64.0905190148200.3344@linmac.oyster.ru>
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: malc <av1474@comtv.ru>
Cc: qemu-devel@nongnu.org

On Tue, May 19, 2009 at 01:56:55AM +0400, malc wrote:
> On Mon, 18 May 2009, Eduardo Habkost wrote:
> 
> > This patch is similar to a previous qemu_realloc() fix
> > (commit 322691a5c9f1c8531554148d47c078b5be590805), but for qemu_malloc().
> > 
> > malloc(0) may correctly return NULL if size==0. We don't want to abort qemu on
> > this case.
> 
> Only it wouldn't (on Linux):
> 
> $ cat malloc.c
> #include <stdlib.h>
> 
> int main (void)
> {
>     printf ("%p\n", malloc (0));
>     return 0;
> }
> $ gcc malloc.c
> $ ./a.out 
> 0x10011008
> 
> Standard (in 7.20.3) says that malloc's behaviour in case of size being
> zero is implementation defined.
> 
> Try `git show 63c75dcd669d011f438421980b4379827da4bb1c'.
> 
> The best(only?) thing to do is to check size passed to qemu_malloc[z]
> and abort the program if this situation is encountered.

Why? malloc(0) is as valid as realloc(p, 0). It will either return NULL
or a pointer, and on any case the value can be safely passed to free()
later.

-- 
Eduardo