From: | Gerd Hoffmann |
Subject: | Re: [Qemu-devel] [PATCH] use qemu_malloc and friends consistently |
Date: | Fri, 29 May 2009 14:36:50 +0200 |
User-agent: | Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1b3pre) Gecko/20090513 Fedora/3.0-2.3.beta2.fc11 Lightning/1.0pre Thunderbird/3.0b2 |
a. return NULL
b. return malloc(1)
c. abort
d. do what OpenBSD does
(e) return malloc(0), without wrapping it into oom_check().
In a nutshell what I argue is that, if someone doesn't need any memory it shouldn't be asking for it, and it's not that unlikely that the author never considered the possibility of his code requesting zero bytes of memory,
If the calling code correctly keeps track of the allocated amount of memory (which it should do anyway for correctness and security reasons) the zero-length case will not cause any hiccups. It will happily copy zero bytes, do zero loop iterations, or whatever else.
Aborting on qemu_malloc(0) forces the call sites to add a special case for len=0, even though correctly written code doesn't need a special case for it.
For the purpose of finding broken code returning NULL is IMHO the best option. Although dereferencing NULL is undefined, in practice it will segfault in most cases so the bugs shouldn't stay unnoticed for long.
cheers, Gerd
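
The zero-length argument in the message above, as an added C example (not part of the original message and not QEMU's code). `xmalloc`, `zero_policy`, `buf_dup` and `buf_sum` are hypothetical names; the caller tracks its length and runs unchanged under options (a), (b) and (e), while option (d) is not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical zero-size policies, lettered as in the thread. */
enum zero_policy { ZERO_NULL, ZERO_MALLOC1, ZERO_ABORT, ZERO_RAW };

/* Hypothetical wrapper for illustration; not QEMU's qemu_malloc(). */
static void *xmalloc(size_t size, enum zero_policy policy)
{
    if (size == 0) {
        if (policy == ZERO_NULL)  return NULL;       /* (a) */
        if (policy == ZERO_ABORT) abort();           /* (c) */
        if (policy == ZERO_RAW)   return malloc(0);  /* (e) NULL is legal here: no OOM check */
        size = 1;                                    /* (b) checked like any other request */
    }
    void *p = malloc(size);
    if (p == NULL) abort();   /* OOM check: for size > 0, NULL can only mean failure */
    return p;
}

struct buf { uint8_t *data; size_t len; };

/* Copies with a loop: memcpy() with a NULL pointer is undefined in ISO C even for n == 0. */
static struct buf buf_dup(const uint8_t *src, size_t len, enum zero_policy policy)
{
    struct buf b = { xmalloc(len, policy), len };
    for (size_t i = 0; i < len; i++)
        b.data[i] = src[i];
    return b;
}

static unsigned buf_sum(const struct buf *b)
{
    unsigned sum = 0;
    for (size_t i = 0; i < b->len; i++)   /* len bounds every access to data */
        sum += b->data[i];
    return sum;
}

int main(void)
{
    struct buf empty = buf_dup(NULL, 0, ZERO_NULL);   /* constructed zero-length input */
    printf("data=%p len=%zu sum=%u\n", (void *)empty.data, empty.len, buf_sum(&empty));
    return 0;
}
```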