From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1M6ApZ-0000XK-Sc
	for qemu-devel@nongnu.org; Mon, 18 May 2009 17:57:09 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1M6ApY-0000WA-Pv
	for qemu-devel@nongnu.org; Mon, 18 May 2009 17:57:09 -0400
Received: from [199.232.76.173] (port=56201 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1M6ApY-0000W3-Lf
	for qemu-devel@nongnu.org; Mon, 18 May 2009 17:57:08 -0400
Received: from fe01x03-cgp.akado.ru ([77.232.31.164]:58250 helo=akado.ru)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <av1474@comtv.ru>) id 1M6ApY-0008On-51
	for qemu-devel@nongnu.org; Mon, 18 May 2009 17:57:08 -0400
Date: Tue, 19 May 2009 01:56:55 +0400 (MSD)
From: malc <av1474@comtv.ru>
Subject: Re: [Qemu-devel] [PATCH] fix qemu_malloc() error check for size==0
In-Reply-To: <1242678676-19439-1-git-send-email-ehabkost@redhat.com>
Message-ID: <Pine.LNX.4.64.0905190148200.3344@linmac.oyster.ru>
References: <1242678676-19439-1-git-send-email-ehabkost@redhat.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Eduardo Habkost <ehabkost@redhat.com>
Cc: qemu-devel@nongnu.org

On Mon, 18 May 2009, Eduardo Habkost wrote:

> This patch is similar to a previous qemu_realloc() fix
> (commit 322691a5c9f1c8531554148d47c078b5be590805), but for qemu_malloc().
> 
> malloc(0) may correctly return NULL if size==0. We don't want to abort qemu on
> this case.

Only it wouldn't (on Linux):

$ cat malloc.c
#include <stdlib.h>

int main (void)
{
    printf ("%p\n", malloc (0));
    return 0;
}
$ gcc malloc.c
$ ./a.out 
0x10011008

Standard (in 7.20.3) says that malloc's behaviour in case of size being
zero is implementation defined.

Try `git show 63c75dcd669d011f438421980b4379827da4bb1c'.

The best(only?) thing to do is to check size passed to qemu_malloc[z]
and abort the program if this situation is encountered.

-- 
mailto:av1474@comtv.ru