From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1M6PtX-0003j7-4o
	for qemu-devel@nongnu.org; Tue, 19 May 2009 10:02:15 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1M6PtS-0003XH-9R
	for qemu-devel@nongnu.org; Tue, 19 May 2009 10:02:14 -0400
Received: from [199.232.76.173] (port=50998 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1M6PtS-0003Wt-3t
	for qemu-devel@nongnu.org; Tue, 19 May 2009 10:02:10 -0400
Received: from mx2.redhat.com ([66.187.237.31]:59954)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <ehabkost@redhat.com>) id 1M6PtR-0003gG-B7
	for qemu-devel@nongnu.org; Tue, 19 May 2009 10:02:09 -0400
Date: Tue, 19 May 2009 11:02:01 -0300
From: Eduardo Habkost <ehabkost@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] fix qemu_malloc() error check for size==0
Message-ID: <20090519140201.GB4254@blackpad>
References: <1242678676-19439-1-git-send-email-ehabkost@redhat.com>
	<Pine.LNX.4.64.0905190148200.3344@linmac.oyster.ru>
	<20090518221705.GO2079@blackpad>
	<Pine.LNX.4.64.0905190410290.3632@linmac.oyster.ru>
	<8763fxvbfk.fsf@pike.pond.sub.org>
	<Pine.LNX.4.64.0905191635360.2165@linmac.oyster.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.64.0905191635360.2165@linmac.oyster.ru>
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: malc <av1474@comtv.ru>
Cc: Markus Armbruster <armbru@redhat.com>, qemu-devel@nongnu.org

On Tue, May 19, 2009 at 05:00:27PM +0400, malc wrote:
> On Tue, 19 May 2009, Markus Armbruster wrote:
<snip>
> > >                                              IOW making qemu_malloc[z]
> > > return whatever the underlying system returns is just hiding the bugs,
> > > the code becomes unportable.
> > 
> > Matter of taste.
> > 
> > 1. Deal with the implementation-definedness.  Every caller that could
> >    pass zero needs to take care not to confuse empty allocation with an
> >    out of memory condition.
> > 
> >    This is easier than it sounds when you check for out of memory in
> >    just one place, like we do.
> > 
> > 2. Remove the implementation-definedness.  Easiest way is to detect zero
> >    size in a wrapper (for us: qemu_malloc()) and bump it to one.
> 
> And mine:
>   3. Abort the program if somebody tries it. Because so far history thought
>      me that nobody does 1.

Are you sure about that? There may be cases where qemu_malloc(0) is
called correctly, without the wrong assumptions about the returned
value.

You are proposing to make the qemu_malloc() API behavior diverge from
the standard C malloc() behavior and prevent usage that is valid for
malloc()/free() usage. Do you volunteer to audit all Qemu code to make
sure the new behavior is safe?  ;)

-- 
Eduardo