From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38923) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZKogJ-0002ty-Ob for qemu-devel@nongnu.org; Thu, 30 Jul 2015 10:19:36 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZKogD-0000bH-Tv for qemu-devel@nongnu.org; Thu, 30 Jul 2015 10:19:35 -0400 Received: from mx1.redhat.com ([209.132.183.28]:45312) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZKogD-0000aa-MQ for qemu-devel@nongnu.org; Thu, 30 Jul 2015 10:19:29 -0400 References: <1435782155-31412-1-git-send-email-armbru@redhat.com> <1435782155-31412-30-git-send-email-armbru@redhat.com> <55B025B9.2060004@redhat.com> <87zj2gohv1.fsf@blackfin.pond.sub.org> <55B79754.6090609@redhat.com> <87y4hzicto.fsf@blackfin.pond.sub.org> <55B8F40E.9020301@redhat.com> <877fpic20s.fsf@blackfin.pond.sub.org> From: Eric Blake Message-ID: <55BA3270.90309@redhat.com> Date: Thu, 30 Jul 2015 08:19:28 -0600 MIME-Version: 1.0 In-Reply-To: <877fpic20s.fsf@blackfin.pond.sub.org> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="CjccacCqCKBoNRsC4RcvN190iH9SMTpTB" Subject: Re: [Qemu-devel] [PATCH RFC v2 29/47] qapi: Replace dirty is_c_ptr() by method c_null() List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Markus Armbruster Cc: kwolf@redhat.com, berto@igalia.com, qemu-devel@nongnu.org, mdroth@linux.vnet.ibm.com This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --CjccacCqCKBoNRsC4RcvN190iH9SMTpTB Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 07/29/2015 11:22 AM, Markus Armbruster wrote: > Eric Blake writes: >=20 >> On 07/29/2015 02:32 AM, Markus Armbruster wrote: >> >>>>> 2. We can leak retval only when qmp_FOO() returns non-null and loca= l_err >>>>> is non-null. This must not happen, because: >>>>> >>>>> a. local_err must be null before the call, and >>>>> >>>>> b. the call must not return non-null when it sets local_err. >>>> >>>> We don't state that contract anywhere, but I doubt any of the qmp_FO= O() >>>> functions violate it, so it is worth making it part of the contract.= >>> >>> It's a general Error API rule: set an error exactly on failure. It >>> applies to any function returning errors through an Error **errp >>> parameter, and we generally don't bother to spell it out for the >>> individual functions. >>> >>> The part that needs to be spelling out is what success and failure me= an. >>> A qmp_FOO() returning an object returns null on failure. For qmp_FOO(), this is a reasonable contract. But our very own generated code does not follow these rules: visit_type_FOO() can assign into *obj even when setting an error, if it encounters a parse error halfway through the struct, leaving the caller responsible to still clean up the mess if it wants to avoid a memory leak. Maybe that means our generated code needs to be reworked to properly clean up on a failed parse, such that *obj is guaranteed to be NULL if an error is returned. As a separate patch, of course. --=20 Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --CjccacCqCKBoNRsC4RcvN190iH9SMTpTB Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJVujJwAAoJEKeha0olJ0Nq7AMH/jdeLy3VFP8agvwzt3RNlpkE f9L7vGknmBoI6Kp0ahLu2vEMh7T7yuJOpLg24P+MPJliLGaRGWV81hRst1Eq0xTW argauR/ahlPFxN5PuqWxHsGQlNQfpAwDcvddO14M0lnlR32MUJhlL0X4MkLHkvRr 847kA5mZW8miu7/GSCWe4cYeOlF3pVUuqFkO7Gr/x+qDzAuEXUtuY8577ba5tDGN BhVqfNyfUWQ8PIn2hod2hqNCF738UaaEDN3U4129fJNqhrNLpM8WHocR6V3YE7cX piTIrIOWCXX5VAjuHbcEHOybDi91ozmhZPQL+IizPJ0mOm2b4YCj5u8OG9vv6ys= =aPf8 -----END PGP SIGNATURE----- --CjccacCqCKBoNRsC4RcvN190iH9SMTpTB--