Date: Sun, 6 Dec 2009 18:36:29 +0000
From: Jamie Lokier
Subject: Re: [Qemu-devel] [PATCH] Permit zero-sized qemu_malloc() & friends
Message-ID: <20091206183629.GB1021@shareable.org>
In-Reply-To: <4B1ADE14.2070809@redhat.com>
To: Avi Kivity
Cc: Markus Armbruster, qemu-devel@nongnu.org, Paul Brook

Avi Kivity wrote:
> NEW(type) and ARRAY_NEW(type, count) macros would improve type safety
> and plug a dormant buffer overflow due to multiplication overflow, yes.
> Even qemu_calloc() would be an improvement.

In my code I regularly use type_alloc(type) and type_free(type, ptr),
giving type safety at both ends (and the possibility to optimise
allocations, but that's separate).

If you have ARRAY_NEW(type, count) which permits count to be zero and
returns a non-NULL result, I wonder: why is it OK to convert a zero count
to a guaranteed non-NULL unique result, but not do that for sizeof(type)
(or just size)?

-- Jamie
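As an added illustration of the overflow-checked ARRAY_NEW(type, count) that Avi describes and the zero-count behaviour Jamie asks about, here is example code written for this archive page, not QEMU's own allocator; the helper names and the choice to hand back a one-byte block for a zero count are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical helper (not QEMU's): compute count * size, returning 0
 * if the product would wrap around instead of silently truncating. */
static int mul_size_checked(size_t count, size_t size, size_t *out)
{
    if (count != 0 && size > SIZE_MAX / count) {
        return 0;                      /* count * size overflows size_t */
    }
    *out = count * size;
    return 1;
}

/* Array allocator with the overflow check; a zero count deliberately
 * yields a unique non-NULL one-byte block (assumed policy, per thread). */
static void *array_alloc_checked(size_t count, size_t size)
{
    size_t total;
    if (!mul_size_checked(count, size, &total)) {
        return NULL;                   /* refuse rather than under-allocate */
    }
    return malloc(total ? total : 1);
}

/* Type-safe front ends: sizeof comes from the type, not the caller, and
 * the cast makes a mismatched pointer assignment draw a compiler warning. */
#define NEW(type)              ((type *)array_alloc_checked(1, sizeof(type)))
#define ARRAY_NEW(type, count) ((type *)array_alloc_checked((count), sizeof(type)))

/* The dormant bug: raw count * sizeof(uint64_t) wraps to 0 for this count,
 * so an unchecked malloc would return a tiny buffer. Returns 1 when the
 * wrap occurs and the checked allocator refuses the request. */
static int overflow_is_caught(void)
{
    size_t count = SIZE_MAX / 2 + 1;
    size_t wrapped = count * sizeof(uint64_t);
    uint64_t *p = ARRAY_NEW(uint64_t, count);
    int caught = (wrapped == 0 && p == NULL);
    free(p);
    return caught;
}

/* Zero elements: still a usable, freeable, non-NULL pointer. */
static int zero_count_is_non_null(void)
{
    int *p = ARRAY_NEW(int, 0);
    int ok = (p != NULL);
    free(p);
    return ok;
}
```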