From: Eduardo Habkost <ehabkost@redhat.com>
To: malc <av1474@comtv.ru>
Cc: Markus Armbruster <armbru@redhat.com>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] fix qemu_malloc() error check for size==0
Date: Tue, 19 May 2009 11:44:24 -0300 [thread overview]
Message-ID: <20090519144424.GD4254@blackpad> (raw)
In-Reply-To: <Pine.LNX.4.64.0905191830460.4014@linmac.oyster.ru>
On Tue, May 19, 2009 at 06:37:18PM +0400, malc wrote:
> On Tue, 19 May 2009, Eduardo Habkost wrote:
>
> > On Tue, May 19, 2009 at 05:00:27PM +0400, malc wrote:
> > > On Tue, 19 May 2009, Markus Armbruster wrote:
> > <snip>
> > > > > IOW making qemu_malloc[z]
> > > > > return whatever the underlying system returns is just hiding the bugs,
> > > > > the code becomes unportable.
> > > >
> > > > Matter of taste.
> > > >
> > > > 1. Deal with the implementation-definedness. Every caller that could
> > > > pass zero needs to take care not to confuse empty allocation with an
> > > > out of memory condition.
> > > >
> > > > This is easier than it sounds when you check for out of memory in
> > > > just one place, like we do.
> > > >
> > > > 2. Remove the implementation-definedness. Easiest way is to detect zero
> > > > size in a wrapper (for us: qemu_malloc()) and bump it to one.
> > >
> > > And mine:
> > > 3. Abort the program if somebody tries it. Because so far history thought
> > > me that nobody does 1.
> >
> > Are you sure about that? There may be cases where qemu_malloc(0) is
> > called correctly, without the wrong assumptions about the returned
> > value.
> >
> > You are proposing to make the qemu_malloc() API behavior diverge from
> > the standard C malloc() behavior and prevent usage that is valid for
> > malloc()/free() usage. Do you volunteer to audit all Qemu code to make
> > sure the new behavior is safe? ;)
>
> That's the problem standard C does _not_ define the behaviour, and leaves
> that to implementation.
The only thing it doesn't define is either the returned pointer is NULL
or not, and that doesn't make malloc(0) automatically unportable,
because all the rest is perfectly defined:
1) You can't dereference the pointer (just like you can't
dereference p[n] on a malloc(n) block)
2) You should pass the returned pointer to free() later
> As for audit, that's precisely what aborting on
> zero will try (and fail) to accomplish the offenders will be (given
> unlimited time) caught.
My point is that malloc(0) is not a bug, and I don't see a reason to
make it an offense and diverge from standard malloc() and free().
> oom_check was added despite the fact that there
> were places that correctly handled malloc's returning NULL. And i for
> one do not know if there are/were places that called qemu_malloc with
> zero and expected Linux behaviour.
I agree that expecting the Linux behaviour (non-NULL) is a bug. My point
is that there is no reason to consider malloc(0) a bug.
--
Eduardo
next prev parent reply other threads:[~2009-05-19 14:44 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-18 20:31 [Qemu-devel] [PATCH] fix qemu_malloc() error check for size==0 Eduardo Habkost
2009-05-18 21:56 ` malc
2009-05-18 22:17 ` Eduardo Habkost
2009-05-19 0:17 ` malc
2009-05-19 6:44 ` Markus Armbruster
2009-05-19 13:00 ` malc
2009-05-19 13:37 ` Markus Armbruster
2009-05-19 14:06 ` malc
2009-05-19 14:28 ` Eduardo Habkost
2009-05-19 14:48 ` malc
2009-05-19 14:56 ` Eduardo Habkost
2009-05-19 15:23 ` malc
2009-05-19 15:43 ` Eduardo Habkost
2009-05-19 20:32 ` Jamie Lokier
2009-05-19 22:12 ` Eduardo Habkost
2009-05-19 22:49 ` Jamie Lokier
2009-05-20 3:28 ` Eduardo Habkost
2009-05-19 20:31 ` Jamie Lokier
2009-05-19 16:09 ` Markus Armbruster
2009-05-19 14:02 ` Eduardo Habkost
2009-05-19 14:37 ` malc
2009-05-19 14:44 ` Eduardo Habkost [this message]
2009-05-19 14:55 ` malc
2009-05-19 16:44 ` [PATCH] Make qemu_alloc()/qemu_realloc() return NULL for size==0 (was Re: [Qemu-devel] [PATCH] fix qemu_malloc() error check for size==0) Eduardo Habkost
2009-05-19 18:40 ` malc
2009-05-19 19:38 ` Eduardo Habkost
2009-05-19 20:34 ` Jamie Lokier
2009-05-20 8:00 ` Kevin Wolf
2009-05-20 9:30 ` [Qemu-devel] Re: [PATCH] Make qemu_alloc()/qemu_realloc() return NULL for size==0 Markus Armbruster
2009-05-20 18:20 ` malc
2009-05-19 20:37 ` [Qemu-devel] [PATCH] fix qemu_malloc() error check " Jamie Lokier
2009-05-19 13:52 ` Eduardo Habkost
2009-05-19 14:39 ` malc
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090519144424.GD4254@blackpad \
--to=ehabkost@redhat.com \
--cc=armbru@redhat.com \
--cc=av1474@comtv.ru \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).