[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] qtest protocol: should memset/read/write etc of a size
From: |
Eric Blake |
Subject: |
Re: [Qemu-devel] qtest protocol: should memset/read/write etc of a size of 0 bytes be permitted? |
Date: |
Thu, 4 Aug 2016 14:39:12 -0600 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 |
On 08/04/2016 12:46 PM, Peter Maydell wrote:
> I've upgraded to a more recent version of clang, which now produces
> undefined-behaviour warnings for passing NULL pointers to some library
> functions. One of the things it has shown up is that some of the
> qtest tests ask for "memset" with size zero. In our current implementation
> this results in qtest.c calling g_malloc(0), which returns NULL, and
I never understood why glib made that choice on g_malloc(0). I would
much prefer it to ALWAYS return something, just as glibc malloc(0) does.
> then calling memset(NULL, chr, 0), which is UB.
Indeed, although I really wish POSIX could be loosened to say that the
source pointer is untouched if the length is 0 (I've debated about
filing a POSIX bug report to that effect, but have not done so yet), so
that the UB only happens when passing NULL with a non-zero size.
>
> So should we:
> (1) declare the qtest protocol commands 'memset', 'read', 'write'
> etc which operate on a lump of guest memory of specified size to
> support size == 0 as meaning "do nothing"
My preference - even if we have to special case things to avoid UB at
the lower level, presenting well-defined behavior at the upper level is
easier to think about.
> (2) declare that size == 0 is not valid and make it return a failure
> code back down the qtest pipe (and fix the offending tests)
Doable, but not as fun to audit, and not my preference.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature