From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:36973)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1SzpUR-0002Mc-3m
	for qemu-devel@nongnu.org; Fri, 10 Aug 2012 09:42:59 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1SzpUO-0005Uo-5c
	for qemu-devel@nongnu.org; Fri, 10 Aug 2012 09:42:59 -0400
Date: Fri, 10 Aug 2012 14:42:45 +0100
From: Stefan Hajnoczi <stefanha@gmail.com>
Message-ID: <20120810134245.GC14122@stefanha-thinkpad.localdomain>
References: <1344570866-28595-1-git-send-email-peter.crosthwaite@petalogix.com>
	<1344570866-28595-2-git-send-email-peter.crosthwaite@petalogix.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1344570866-28595-2-git-send-email-peter.crosthwaite@petalogix.com>
Subject: Re: [Qemu-devel] [PATCH] device_tree: load_device_tree(): Allow
 NULL sizep
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Peter A. G. Crosthwaite" <peter.crosthwaite@petalogix.com>
Cc: qemu-trivial@nongnu.org, agraf@suse.de, qemu-devel@nongnu.org

On Fri, Aug 10, 2012 at 01:54:26PM +1000, Peter A. G. Crosthwaite wrote:
> The sizep arg is populated with the size of the loaded device tree. Since this
> is one of those informational "please populate" type arguments it should be
> optional. Guarded writes to *sizep against NULL accordingly.
> 
> Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
> Acked-by: Alexander Graf <agraf@suse.de>
> ---
>  device_tree.c |    8 ++++++--
>  1 files changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/device_tree.c b/device_tree.c
> index d7a9b6b..641a48a 100644
> --- a/device_tree.c
> +++ b/device_tree.c
> @@ -71,7 +71,9 @@ void *load_device_tree(const char *filename_path, int *sizep)
>      int ret;
>      void *fdt = NULL;
>  
> -    *sizep = 0;
> +    if (sizep) {
> +        *sizep = 0;
> +    }
>      dt_size = get_image_size(filename_path);
>      if (dt_size < 0) {
>          printf("Unable to get size of device tree file '%s'\n",
> @@ -104,7 +106,9 @@ void *load_device_tree(const char *filename_path, int *sizep)
>              filename_path);
>          goto fail;
>      }
> -    *sizep = dt_size;
> +    if (sizep) {
> +        *sizep = dt_size;
> +    }

What can the caller do with this void* buffer without knowing its size?

They cannot hand the buffer to the guest unless they duplicate the
get_image_size() call, which is pointless, or we're assuming a fixed
size, which is unsafe.  I'm asking what the legitimate use case for
sizep == NULL is?

Stefan