Re: [Qemu-devel] qtest protocol: should memset/read/write etc of a size of 0 bytes be permitted?

[Eric Blake <eblake@redhat.com>]

[-- Attachment #1: Type: text/plain, Size: 1571 bytes --]

On 08/04/2016 12:46 PM, Peter Maydell wrote:
> I've upgraded to a more recent version of clang, which now produces
> undefined-behaviour warnings for passing NULL pointers to some library
> functions. One of the things it has shown up is that some of the
> qtest tests ask for "memset" with size zero. In our current implementation
> this results in qtest.c calling g_malloc(0), which returns NULL, and

I never understood why glib made that choice on g_malloc(0). I would
much prefer it to ALWAYS return something, just as glibc malloc(0) does.

> then calling memset(NULL, chr, 0), which is UB.

Indeed, although I really wish POSIX could be loosened to say that the
source pointer is untouched if the length is 0 (I've debated about
filing a POSIX bug report to that effect, but have not done so yet), so
that the UB only happens when passing NULL with a non-zero size.

> 
> So should we:
> (1) declare the qtest protocol commands 'memset', 'read', 'write'
> etc which operate on a lump of guest memory of specified size to
> support size == 0 as meaning "do nothing"

My preference - even if we have to special case things to avoid UB at
the lower level, presenting well-defined behavior at the upper level is
easier to think about.

> (2) declare that size == 0 is not valid and make it return a failure
> code back down the qtest pipe (and fix the offending tests)

Doable, but not as fun to audit, and not my preference.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]