On Mon, Mar 14, 2022 at 05:01:08PM +0100, Markus Armbruster wrote:
> g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer,
> for two reasons. One, it catches multiplication overflowing size_t.
> Two, it returns T * rather than void *, which lets the compiler catch
> more type errors.
>
> This commit only touches allocations with size arguments of the form
> sizeof(T).
>
> Patch created mechanically with:
>
> $ spatch --in-place --sp-file scripts/coccinelle/use-g_new-etc.cocci \
> --macro-file scripts/cocci-macro-file.h FILES...
>
> Signed-off-by: Markus Armbruster <armbru@xxxxxxxxxx>
> ---
I agree that this is mechanical, but...
<snip>
> qga/commands-win32.c | 8 ++---
> qga/commands.c | 2 +-
> qom/qom-qmp-cmds.c | 2 +-
> replay/replay-char.c | 4 +--
> replay/replay-events.c | 10 +++---
> scripts/coverity-scan/model.c | 2 +-
...are we sure we want to touch this particular file?
> diff --git a/scripts/coverity-scan/model.c b/scripts/coverity-scan/model.c
> index 9d4fba53d9..30bea672e1 100644
> --- a/scripts/coverity-scan/model.c
> +++ b/scripts/coverity-scan/model.c
> @@ -356,7 +356,7 @@ int g_poll (GPollFD *fds, unsigned nfds, int timeout)
> typedef struct _GIOChannel GIOChannel;
> GIOChannel *g_io_channel_unix_new(int fd)
> {
> - GIOChannel *c = g_malloc0(sizeof(GIOChannel));
> + GIOChannel *c = g_new0(GIOChannel, 1);
> __coverity_escape__(fd);
> return c;
> }
Our model has a definition of g_malloc0(), but I'm not sure whether
Coverity picks up the macro g_new0() in the same manner.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
