qemu-devel@nongnu.org
[Top] [All Lists]

Re: [Qemu-devel] [PATCH] Permit zero-sized qemu_malloc() & friends

Subject: Re: [Qemu-devel] [PATCH] Permit zero-sized qemu_malloc() & friends
From: Markus Armbruster
Date: Tue, 01 Dec 2009 14:11:49 +0100
Gerd Hoffmann <kraxel@xxxxxxxxxx> writes:

>> diff --git a/qemu-malloc.c b/qemu-malloc.c
>> index 295d185..aeeb78b 100644
>> --- a/qemu-malloc.c
>> +++ b/qemu-malloc.c
>> @@ -44,22 +44,12 @@ void qemu_free(void *ptr)
>>
>>   void *qemu_malloc(size_t size)
>>   {
>> -    if (!size) {
>> -        abort();
>> -    }
>> -    return oom_check(malloc(size));
>> +    return oom_check(malloc(size ? size : 1));
>>   }
>
> You might want to have a 'static uint8_t zero_length_malloc[0]' and
> return that instead of the magic cookie '1'.  Makes the code more
> readable IMHO and you'll also have symbol in gdb when debugging qemu.

Complicates qemu_realloc() and qemu_free() somewhat, and that makes me
think we better do it as a separate commit.  Agree?

> Even more advanced:  Make zero_length_malloc page-sized and
> page-aligned, then munmap int, so dereferencing it actually traps.

Overrunning a malloc'ed buffer very rarely traps, not sure catching this
special case is worth the portability headaches.  If you really want to
catch overruns, you need special tools like valgrind or electric fence
anyway.

>>   void *qemu_realloc(void *ptr, size_t size)
>>   {
>> +    return oom_check(realloc(ptr, size ? size : 1));
>
> qemu_realloc(qemu_malloc(0), 42);
>
> should better work correctly ...
>
> Likewise qemu_free(qemu_malloc(0));


<Prev in Thread] Current Thread [Next in Thread>