From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <4A1FE71E.6040504@redhat.com>
Date: Fri, 29 May 2009 15:46:06 +0200
From: Gerd Hoffmann
MIME-Version: 1.0
Subject: Re: [Qemu-devel] [PATCH] use qemu_malloc and friends consistently
References: <200905290758.11551.jcd@tribudubois.net> <4A1FD6E2.9020006@redhat.com> <200905291407.26757.paul@codesourcery.com>
In-Reply-To: <200905291407.26757.paul@codesourcery.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: qemu-devel.nongnu.org
To: Paul Brook
Cc: Kevin Wolf, qemu-devel@nongnu.org, Jean-Christophe Dubois

On 05/29/09 15:07, Paul Brook wrote:

> The best way to find broken code is to have qemu_malloc(0) abort, and avoid
> ever trying to allocate a zero size block.

Forces all call sites where size=0 is a perfectly legal case to add extra
code to prevent qemu from aborting, i.e. replace

    ptr = qemu_malloc(len);

with

    if (len) {
        ptr = qemu_malloc(len);
    } else {
        ptr = NULL; /* make sure we don't pass garbage to qemu_free() */
    }

> If you want to maximize chances of catching accidental mistakes as early as
> possible then you should have malloc(0) abort, because it probably means
> someone forgot to consider the empty case.

I don't share the assumption that malloc(0) is a bug in most cases.

And on the other hand the slightly different behavior might actually
introduce bugs because people assume qemu_malloc() works like malloc().

cheers,
   Gerd
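
Added example, not part of the message above and not QEMU's code: a wrapper that aborts on a zero-size request, the guard a call site needs when an empty length is legal, and the same call site without the guard. The names `strict_malloc`, `copy_payload` and `unguarded_copy_aborts` are hypothetical, and the abort is observed in a forked child, so POSIX is assumed.

```c
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical strict wrapper: size == 0 and out-of-memory both abort. */
static void *strict_malloc(size_t size)
{
    void *p = size ? malloc(size) : NULL;
    if (!p)
        abort();
    return p;
}

/* Call site where len == 0 is legal: it carries the guard from the mail. */
static void *copy_payload(const void *src, size_t len)
{
    void *ptr;
    if (len) {
        ptr = strict_malloc(len);
        memcpy(ptr, src, len);
    } else {
        ptr = NULL; /* free(NULL) is a no-op, so cleanup stays uniform */
    }
    return ptr;
}

/* Same call site without the guard, run in a child process so the
 * caller can observe SIGABRT. Returns 1 if the child aborted, 0 if it
 * exited normally, -1 if fork or waitpid failed. */
static int unguarded_copy_aborts(const void *src, size_t len)
{
    int status = 0;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        void *ptr = strict_malloc(len); /* aborts here when len == 0 */
        memcpy(ptr, src, len);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT;
}

int main(void)
{
    return unguarded_copy_aborts("abc", 0) == 1 ? 0 : 1;
}
```

A caller used to plain malloc(), where a zero-size request is implementation-defined (either NULL or a pointer that may be passed to free()) rather than fatal, writes the unguarded form, which is the case the reply is concerned about.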