From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:36475) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XJQ7K-00077s-KY for qemu-devel@nongnu.org; Mon, 18 Aug 2014 12:49:16 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XJQ7E-0006b2-FI for qemu-devel@nongnu.org; Mon, 18 Aug 2014 12:49:10 -0400 Received: from mx1.redhat.com ([209.132.183.28]:55799) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XJQ7E-0006ac-5m for qemu-devel@nongnu.org; Mon, 18 Aug 2014 12:49:04 -0400 Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s7IGn3qq021419 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Mon, 18 Aug 2014 12:49:03 -0400 Message-ID: <53F22E7B.6090503@redhat.com> Date: Mon, 18 Aug 2014 18:48:59 +0200 From: Max Reitz MIME-Version: 1.0 References: <1408378243-19713-1-git-send-email-armbru@redhat.com> <1408378243-19713-3-git-send-email-armbru@redhat.com> In-Reply-To: <1408378243-19713-3-git-send-email-armbru@redhat.com> Content-Type: text/plain; charset=iso-8859-15; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [PATCH v2 2/4] block: Use g_new() & friends to avoid multiplying sizes List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Markus Armbruster , qemu-devel@nongnu.org Cc: kwolf@redhat.com, stefanha@redhat.com On 18.08.2014 18:10, Markus Armbruster wrote: > g_new(T, n) is safer than g_malloc(sizeof(*v) * n) for two reasons. > One, it catches multiplication overflowing size_t. Two, it returns > T * rather than void *, which lets the compiler catch more type > errors. > > Perhaps a conversion to g_malloc_n() would be neater in places, but > that's merely four years old, and we can't use such newfangled stuff. > > This commit only touches allocations with size arguments of the form > sizeof(T), plus two that use 4 instead of sizeof(uint32_t). We can > make the others safe by converting to g_malloc_n() when it becomes > available to us in a couple of years. > > Signed-off-by: Markus Armbruster > --- > block/bochs.c | 2 +- > block/parallels.c | 2 +- > block/qcow2-cache.c | 2 +- > block/qed-check.c | 3 +-- > block/rbd.c | 2 +- > block/sheepdog.c | 2 +- > hw/block/nvme.c | 8 ++++---- > qemu-io-cmds.c | 10 +++++----- > 8 files changed, 15 insertions(+), 16 deletions(-) [snip] > diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c > index 3a1e11e..afd8867 100644 > --- a/qemu-io-cmds.c > +++ b/qemu-io-cmds.c > @@ -29,7 +29,7 @@ static int compare_cmdname(const void *a, const void *b) > > void qemuio_add_command(const cmdinfo_t *ci) > { > - cmdtab = g_realloc(cmdtab, ++ncmds * sizeof(*cmdtab)); > + cmdtab = g_renew(cmdinfo_t, cmdtab, ++ncmds); > cmdtab[ncmds - 1] = *ci; > qsort(cmdtab, ncmds, sizeof(*cmdtab), compare_cmdname); > } > @@ -122,7 +122,7 @@ static char **breakline(char *input, int *count) > continue; > } > c++; > - tmp = g_realloc(rval, sizeof(*rval) * (c + 1)); > + tmp = g_renew(char *, rval, (c + 1)); > if (!tmp) { > g_free(rval); > rval = NULL; Not really relevant for this patch, but: g_renew() never returns NULL if n_structs (c + 1) is non-zero, does it? So this if block here should be unnecessary, I think. Anyway: Reviewed-by: Max Reitz