qemu-devel

Re: [Qemu-devel] [PATCH] fix qemu_malloc() error check for size==0


From: Eduardo Habkost
Subject: Re: [Qemu-devel] [PATCH] fix qemu_malloc() error check for size==0
Date: Tue, 19 May 2009 11:02:01 -0300
User-agent: Mutt/1.5.18 (2008-05-17)

On Tue, May 19, 2009 at 05:00:27PM +0400, malc wrote:
> On Tue, 19 May 2009, Markus Armbruster wrote:
<snip>
> > >                                              IOW making qemu_malloc[z]
> > > return whatever the underlying system returns is just hiding the bugs,
> > > the code becomes unportable.
> > 
> > Matter of taste.
> > 
> > 1. Deal with the implementation-definedness.  Every caller that could
> >    pass zero needs to take care not to confuse empty allocation with an
> >    out of memory condition.
> > 
> >    This is easier than it sounds when you check for out of memory in
> >    just one place, like we do.
> > 
> > 2. Remove the implementation-definedness.  Easiest way is to detect zero
> >    size in a wrapper (for us: qemu_malloc()) and bump it to one.
> 
> And mine:
>   3. Abort the program if somebody tries it. Because so far history taught
>      me that nobody does 1.

Are you sure about that? There may be cases where qemu_malloc(0) is
called correctly, without the wrong assumptions about the returned
value.

You are proposing to make the qemu_malloc() API behavior diverge from
the standard C malloc() behavior and prevent usage that is valid for
malloc()/free() usage. Do you volunteer to audit all Qemu code to make
sure the new behavior is safe?  ;)

-- 
Eduardo
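
The three policies debated in this thread, sketched in C as an added example (not part of the original message and not QEMU's code). The names `alloc_failed`, `xmalloc_passthrough`, `xmalloc_bump` and `xmalloc_strict` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helpers for illustration; this is not qemu_malloc(). */
static void die(const char *why)
{
    fprintf(stderr, "fatal: %s\n", why);
    abort();
}

/* Option 1: keep malloc()'s implementation-defined result for size 0.
 * NULL means out of memory only when a non-zero size was requested. */
int alloc_failed(const void *ptr, size_t size)
{
    return ptr == NULL && size != 0;
}

void *xmalloc_passthrough(size_t size)
{
    void *ptr = malloc(size);
    if (alloc_failed(ptr, size))
        die("out of memory");
    return ptr; /* may be NULL for size 0; free(NULL) is valid */
}

/* Option 2: remove the implementation-definedness by bumping 0 to 1,
 * so a NULL return always means out of memory. */
void *xmalloc_bump(size_t size)
{
    void *ptr = malloc(size ? size : 1);
    if (ptr == NULL)
        die("out of memory");
    return ptr;
}

/* Option 3: treat a zero-size request as a caller bug and abort. */
void *xmalloc_strict(size_t size)
{
    if (size == 0)
        die("zero-size allocation");
    return xmalloc_bump(size);
}

int main(void)
{
    void *a = xmalloc_passthrough(0), *b = xmalloc_bump(0);
    printf("passthrough(0)=%p bump(0)=%p\n", a, b);
    free(a);
    free(b);
    return 0;
}
```

Only option 3 changes which calls are legal: a caller that allocates an empty buffer and later frees it works under options 1 and 2 but terminates the process under option 3.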



