From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1MA06W-0000GX-P6
	for qemu-devel@nongnu.org; Fri, 29 May 2009 07:18:28 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1MA06R-0000B3-TN
	for qemu-devel@nongnu.org; Fri, 29 May 2009 07:18:28 -0400
Received: from [199.232.76.173] (port=33158 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1MA06R-0000An-LM
	for qemu-devel@nongnu.org; Fri, 29 May 2009 07:18:23 -0400
Received: from mx2.redhat.com ([66.187.237.31]:37408)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <kwolf@redhat.com>) id 1MA06R-0001uI-5j
	for qemu-devel@nongnu.org; Fri, 29 May 2009 07:18:23 -0400
Message-ID: <4A1FC3B2.5090108@redhat.com>
Date: Fri, 29 May 2009 13:14:58 +0200
From: Kevin Wolf <kwolf@redhat.com>
MIME-Version: 1.0
Subject: Re: [Qemu-devel] [PATCH] use qemu_malloc and friends consistently
References: <200905290758.11551.jcd@tribudubois.net>
	<4A1F9FFE.3030100@redhat.com> <4A1FA573.4010602@codemonkey.ws>
	<Pine.LNX.4.64.0905291335130.3397@linmac.oyster.ru>
	<4A1FB37E.5040602@redhat.com>
	<Pine.LNX.4.64.0905291415010.3502@linmac.oyster.ru>
	<4A1FBA45.80902@redhat.com>
	<Pine.LNX.4.64.0905291439110.3586@linmac.oyster.ru>
	<4A1FBD9D.10400@redhat.com>
	<Pine.LNX.4.64.0905291456050.3744@linmac.oyster.ru>
In-Reply-To: <Pine.LNX.4.64.0905291456050.3744@linmac.oyster.ru>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: malc <av1474@comtv.ru>
Cc: Paul Brook <paul@codesourcery.com>, qemu-devel@nongnu.org, Jean-Christophe Dubois <jcd@tribudubois.net>

malc schrieb:
> On Fri, 29 May 2009, Kevin Wolf wrote:
> 
>> malc schrieb:
>>> On Fri, 29 May 2009, Kevin Wolf wrote:
>>>
>>>> malc schrieb:
>>>>> On Fri, 29 May 2009, Kevin Wolf wrote:
>>>>>
> 
> [..snip..]
> 
>>> Because of oom_check in qemu_malloc.
>> Ok, you're right there, of course. This is a bug in qemu_malloc and the
>> reason why we even discussed changing the check in qemu_malloc.
>>
>> But this is not qcow2's fault, so the fix should really be local to
>> qemu_malloc like it already was for qemu_realloc.
> 
> I'll rehash it one last time:
> 
> a. Original code in qcow2 did:
>    p = qemu_malloc(nb_snapshots*sizeof_snapshot);
>    if (!p) return_failure;
> 
> I.e. incorrect, when stuff==0 and platform==SYSV_derivative that picked
> return NULL on size 0 among the IDB choices that standard provides.
> 
> b. Code after oom_check went in
>    p = qemu_malloc(nb_snapshots*sizeof_snapshot);
>    /* check gone */
>    for (i = 0; i < nb_snapshots; i++)
> 
> I.e. incorrect, when stuff==0 and platform ... since oom_check would
> kill it.
> 
> So the code in qcow2 was _never_ correct, not a single time. The fact
> that it wouldn't crash since it doesn't dereference returned pointer
> was/is irrelevant.

In b, it was. It was just qemu_malloc that wasn't correct. Which is why
Eduardo sent a patch to fix it (without aborting innocent code). It
doesn't make sense to adjust all callers to work around a qemu_malloc bug.

Kevin