qemu-trivial
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-trivial] [Qemu-devel] [PATCH for 2.10 03/35] thunk: check nb_f


From: Peter Maydell
Subject: Re: [Qemu-trivial] [Qemu-devel] [PATCH for 2.10 03/35] thunk: check nb_fields is valid before continuing
Date: Mon, 24 Jul 2017 22:16:33 +0100

On 24 July 2017 at 19:27, Philippe Mathieu-Daudé <address@hidden> wrote:
> thunk.c:91:32: warning: Call to 'malloc' has an allocation size of 0 bytes
>         se->field_offsets[i] = malloc(nb_fields * sizeof(int));
>                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Reported-by: Clang Static Analyzer
> Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
> ---
>  thunk.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/thunk.c b/thunk.c
> index 2dac36666d..d1c5e221f5 100644
> --- a/thunk.c
> +++ b/thunk.c
> @@ -67,7 +67,6 @@ void thunk_register_struct(int id, const char *name, const 
> argtype *types)
>      int nb_fields, offset, max_align, align, size, i, j;
>
>      assert(id < max_struct_entries);
> -    se = struct_entries + id;
>
>      /* first we count the number of fields */
>      type_ptr = types;
> @@ -76,6 +75,10 @@ void thunk_register_struct(int id, const char *name, const 
> argtype *types)
>          type_ptr = thunk_type_next(type_ptr);
>          nb_fields++;
>      }
> +    if (!nb_fields) {
> +        return;
> +    }

Can this ever actually happen? We only call this function
for a fixed set of known-at-compile-time data (it's invoked
by all the STRUCT() macro uses). It seems likely that it
would be better to make this an assert() and check that none
of our uses of STRUCT() cause it to fire.

> +    se = struct_entries + id;
>      se->field_types = types;
>      se->nb_fields = nb_fields;
>      se->name = name;
> --
> 2.13.3
>

thanks
-- PMM



reply via email to

[Prev in Thread] Current Thread [Next in Thread]