From: Eric Blake
Message-ID: <57A3A7F0.3000604@redhat.com>
Date: Thu, 4 Aug 2016 14:39:12 -0600
Subject: Re: [Qemu-devel] qtest protocol: should memset/read/write etc of a size of 0 bytes be permitted?
To: Peter Maydell, QEMU Developers
Cc: John Snow

On 08/04/2016 12:46 PM, Peter Maydell wrote:
> I've upgraded to a more recent version of clang, which now produces
> undefined-behaviour warnings for passing NULL pointers to some library
> functions. One of the things it has shown up is that some of the
> qtest tests ask for "memset" with size zero. In our current implementation
> this results in qtest.c calling g_malloc(0), which returns NULL, and

I never understood why glib made that choice on g_malloc(0). I would
much prefer it to ALWAYS return something, just as glibc malloc(0) does.

> then calling memset(NULL, chr, 0), which is UB.

Indeed, although I really wish POSIX could be loosened to say that the
source pointer is untouched if the length is 0 (I've debated about
filing a POSIX bug report to that effect, but have not done so yet), so
that the UB only happens when passing NULL with a non-zero size.

>
> So should we:
> (1) declare the qtest protocol commands 'memset', 'read', 'write'
> etc which operate on a lump of guest memory of specified size to
> support size == 0 as meaning "do nothing"

My preference - even if we have to special case things to avoid UB at
the lower level, presenting well-defined behavior at the upper level is
easier to think about.

> (2) declare that size == 0 is not valid and make it return a failure
> code back down the qtest pipe (and fix the offending tests)

Doable, but not as fun to audit, and not my preference.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
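An added example, not part of the original message and not QEMU's qtest.c: a sketch of option (1), where a size of 0 is answered as a no-op before any allocation or memset() call. The "memset ADDR SIZE VALUE" line format, the OK/FAIL replies, the 64-byte guest_ram array and the names handle_memset, reply_with and alloc_zero_is_null are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUEST_RAM_SIZE 64
static uint8_t guest_ram[GUEST_RAM_SIZE]; /* constructed stand-in for guest memory */

/* Hypothetical allocator mimicking what the thread says of g_malloc(0): NULL. */
static void *alloc_zero_is_null(size_t n)
{
    return n ? malloc(n) : NULL;
}

static int reply_with(char *reply, size_t len, const char *msg, int rc)
{
    snprintf(reply, len, "%s", msg);
    return rc;
}

/* Handle one "memset ADDR SIZE VALUE" line (assumed format). */
int handle_memset(const char *line, char *reply, size_t len)
{
    long long addr, size;
    int value;
    if (sscanf(line, "memset %lli %lli %i", &addr, &size, &value) != 3 ||
        addr < 0 || size < 0 || value < 0 || value > 0xff)
        return reply_with(reply, len, "FAIL", -1);
    /* Range check arranged so that addr + size cannot overflow. */
    if (addr > GUEST_RAM_SIZE || size > GUEST_RAM_SIZE - addr)
        return reply_with(reply, len, "FAIL", -1);
    /* Option (1): size == 0 is a defined no-op, so the NULL returned by the
     * allocator is never handed to memset(). */
    if (size == 0)
        return reply_with(reply, len, "OK", 0);
    uint8_t *buf = alloc_zero_is_null((size_t)size);
    if (!buf)
        return reply_with(reply, len, "FAIL", -1);
    memset(buf, value, (size_t)size);
    memcpy(&guest_ram[addr], buf, (size_t)size);
    free(buf);
    return reply_with(reply, len, "OK", 0);
}

int main(void)
{
    char reply[8];
    return handle_memset("memset 0x10 0 0xff", reply, sizeof reply) || puts(reply) < 0;
}
```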