qemu-devel

Re: [Qemu-devel] [PATCH 3/3] hw/core: report an error if invalid gpio is


From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH 3/3] hw/core: report an error if invalid gpio is used
Date: Mon, 26 Jun 2017 20:33:09 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.0

On 06/23/2017 02:25 PM, Eduardo Habkost wrote:
> On Fri, Jun 23, 2017 at 01:45:57PM -0300, Philippe Mathieu-Daudé wrote:
>> then abort calling error_setg()
> 
> I don't understand the reasons for this.  This commit message says
> "what" and "how", but not "why".
> 

>> -    assert(n >= 0 && n < gpio_list->num_in);
>> +    assert(n >= 0);
>> +    if (n >= gpio_list->num_in) {
>> +        error_setg(&error_abort, "Invalid gpio #%d (of %d) for %s",
>> +                   n, gpio_list->num_in, name ? name : "device");
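Review bot: in the new `if (n >= gpio_list->num_in)` branch, passing `&error_abort` to error_setg() still terminates the process, so the out-of-range index is no more recoverable than it was under the assert being removed; only the message changes. If an index at or above num_in can be reached from user-controlled input, report it through a caller-supplied `Error **` and return instead of aborting. If it can only come from a programming error, keep the single `assert(n >= 0 && n < gpio_list->num_in);`. Either way, the reason `n < 0` and `n >= gpio_list->num_in` are now handled differently should be stated in the commit message or in a comment.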
> 
> Why exactly assert() is ok for (n < 0), but not for
> (n >= gpio_list->num_io)?
> 
> If you have reasons to believe (n >= gpio_list->num_in) can be triggered
> by user input, then abort() isn't an appropriate way to handle it.

What's more, error_setg(&error_abort) should not be used.  Yes, a quick
grep for 'error_setg.*error_abort' shows that we have a couple of bad
examples in the tree that should be patched, but it also finds that
include/qapi/error.h states:

 * Please don't error_setg(&error_fatal, ...), use error_report() and
 * exit(), because that's more obvious.
 * Likewise, don't error_setg(&error_abort, ...), use assert().

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
