Re: [libvirt] PATCH: Switch all remaining code to memory alloc APIs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Jun 02, 2008 at 04:35:47PM +0200, Jim Meyering wrote:
> "Daniel P. Berrange" <berrange@xxxxxxxxxx> wrote:
> > This patch switches all remaining code over to use the memory allocation
> > APIs, with exception of virsh which is going to be slightly more complex
> >
> > It was mostly a straight conversion - there were only a few places which 
> > weren't checking for failure corecttly - the most notable being sexpr.c.

> > @@ -266,7 +264,7 @@
> >      memset(zeros, 0, sizeof(zeros));
> >  
> >      /* XXX multiple pvs */
> > -    if ((vgargv = malloc(sizeof(char*) * (1))) == NULL) {
> > +    if (VIR_ALLOC_N(vgargv, 1) < 0) {
> >          virStorageReportError(conn, VIR_ERR_NO_MEMORY, "%s", _("command line"));
> 
> That can be just
> 
>     if (VIR_ALLOC(vgargv) < 0) {

I kept that as ALLOC_N to remind myself that this needs to change in the
future to support multiple PVs.

> > @@ -172,15 +173,12 @@
> >      if (xenUnifiedNodeGetInfo(dom->conn, &nodeinfo) < 0)
> >          return(NULL);
> >  
> > -    cpulist = calloc(nb_cpu, sizeof(*cpulist));
> > -    if (cpulist == NULL)
> > +    if (VIR_ALLOC_N(cpulist, nb_cpu) < 0)
> >          goto done;
> > -    cpuinfo = malloc(sizeof(*cpuinfo) * nb_vcpu);
> > -    if (cpuinfo == NULL)
> > +    if (VIR_ALLOC_N(cpuinfo, nb_vcpu) < 0)
> >          goto done;
> >      cpumaplen = VIR_CPU_MAPLEN(VIR_NODEINFO_MAXCPUS(nodeinfo));
> > -    cpumap = (unsigned char *) calloc(nb_vcpu, cpumaplen);
> > -    if (cpumap == NULL)
> > +    if (VIR_ALLOC_N(cpumap, nb_vcpu * cpumaplen) < 0)
> >          goto done;
> 
> At first I thought it didn't matter that the product wasn't
> checked for overflow, but then I spent a couple minutes trying
> to find if/where nb_vcpu was guaranteed to be small enough
> that we don't have to worry.  There may well be code to ensure
> that, but if so, it's too far from this point of use for my taste,
> so I think it's best to add an explicit overflow check here, i.e.,
> 
>        if (xalloc_oversized(nb_vcpu, cpumaplen) ||
>            VIR_ALLOC_N(cpumap, nb_vcpu * cpumaplen) < 0)
>            goto done;

Yep, this does really need checking

Dan.
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]