We already use __alloc_size and __realloc_size in <malloc.h>, so GCC can warn about some types of memory safety issues at build-time. Let's have the same for xfuncs.h as well and additionally specify __returns_nonnull, so the compiler could provide better diagnostics. Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> --- include/linux/compiler_types.h | 9 +++++++++ include/xfuncs.h | 25 +++++++++++++------------ scripts/include/linux/compiler.h | 9 +++++++++ 3 files changed, 31 insertions(+), 12 deletions(-) diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h index d925b3da296d..e9205bb03e81 100644 --- a/include/linux/compiler_types.h +++ b/include/linux/compiler_types.h @@ -157,6 +157,12 @@ struct ftrace_likely_data { # define __no_stack_protector #endif +#if __has_attribute(__returns_nonnull) +#define __returns_nonnull __attribute__((__returns_nonnull__)) +#else +#define __returns_nonnull +#endif + #endif /* __KERNEL__ */ #endif /* __ASSEMBLY__ */ @@ -212,6 +218,9 @@ struct ftrace_likely_data { # define __realloc_size(x, ...) #endif +# define __xalloc_size(args...) __returns_nonnull __alloc_size(args) +# define __xrealloc_size(args...) __returns_nonnull __realloc_size(args) + /* Are two types/vars the same type (ignoring qualifiers)? */ #define __same_type(a, b) __builtin_types_compatible_p(typeof(a), typeof(b)) diff --git a/include/xfuncs.h b/include/xfuncs.h index a9132d378722..1db88c63a03d 100644 --- a/include/xfuncs.h +++ b/include/xfuncs.h @@ -3,21 +3,22 @@ #define __XFUNCS_H #include <linux/types.h> +#include <linux/compiler.h> #include <stdarg.h> #include <wchar.h> -void *xmalloc(size_t size); -void *xrealloc(void *ptr, size_t size); -void *xzalloc(size_t size); -char *xstrdup(const char *s); -char *xstrndup(const char *s, size_t size); -void* xmemalign(size_t alignment, size_t bytes); -void* xmemdup(const void *orig, size_t size); -char *xasprintf(const char *fmt, ...) __attribute__ ((format(__printf__, 1, 2))); -char *xvasprintf(const char *fmt, va_list ap); +void *xmalloc(size_t size) __xalloc_size(1); +void *xrealloc(void *ptr, size_t size) __xrealloc_size(2); +void *xzalloc(size_t size) __xalloc_size(1); +char *xstrdup(const char *s) __returns_nonnull; +char *xstrndup(const char *s, size_t size) __returns_nonnull; +void* xmemalign(size_t alignment, size_t bytes) __xalloc_size(2); +void* xmemdup(const void *orig, size_t size) __returns_nonnull; +char *xasprintf(const char *fmt, ...) __attribute__ ((format(__printf__, 1, 2))) __returns_nonnull; +char *xvasprintf(const char *fmt, va_list ap) __returns_nonnull; -wchar_t *xstrdup_wchar(const wchar_t *src); -wchar_t *xstrdup_char_to_wchar(const char *src); -char *xstrdup_wchar_to_char(const wchar_t *src); +wchar_t *xstrdup_wchar(const wchar_t *src) __returns_nonnull; +wchar_t *xstrdup_char_to_wchar(const char *src) __returns_nonnull; +char *xstrdup_wchar_to_char(const wchar_t *src) __returns_nonnull; #endif /* __XFUNCS_H */ diff --git a/scripts/include/linux/compiler.h b/scripts/include/linux/compiler.h index fa7208a32d76..780ccec21a3c 100644 --- a/scripts/include/linux/compiler.h +++ b/scripts/include/linux/compiler.h @@ -39,6 +39,15 @@ # define unlikely(x) __builtin_expect(!!(x), 0) #endif +#ifndef __returns_nonnull +# define __returns_nonnull +#endif + +# define __alloc_size(x, ...) +# define __realloc_size(x, ...) +# define __xalloc_size(args...) __returns_nonnull __alloc_size(args) +# define __xrealloc_size(args...) __returns_nonnull __realloc_size(args) + #define ACCESS_ONCE(x) (*(volatile typeof(x) *)&(x)) #include <linux/types.h> -- 2.39.2