[v2] xmalloc: Fix warnings with gcc analyzer
Checks
Context | Check | Description
dj/TryBot-apply_patch | success | Patch applied to master at the time it was sent
dj/TryBot-32bit | fail | Patch series failed to apply
Commit Message
Tell the compiler that the xmalloc family of allocators always returns
non-NULL.
---
include/programs/xmalloc.h | 12 ++++++++----
misc/sys/cdefs.h | 10 ++++++++++
2 files changed, 18 insertions(+), 4 deletions(-)
Comments
* Siddhesh Poyarekar:
> extern void *xrealloc (void *o, size_t n)
> + __attribute_malloc__ __attribute_alloc_size__ ((2)) __attr_dealloc_free
> + __returns_nonnull;
Sorry, this one has again __returns_nonnull for xrealloc.
Florian
On 7/28/21 4:44 PM, Florian Weimer via Libc-alpha wrote:
> * Siddhesh Poyarekar:
>
>> extern void *xrealloc (void *o, size_t n)
>> + __attribute_malloc__ __attribute_alloc_size__ ((2)) __attr_dealloc_free
>> + __returns_nonnull;
>
> Sorry, this one has again __returns_nonnull for xrealloc.
The xrealloc in programs does a malloc(1) if the size requested is 0, so
it never really returns a NULL.
Siddhesh
* Siddhesh Poyarekar:
> On 7/28/21 4:44 PM, Florian Weimer via Libc-alpha wrote:
>> * Siddhesh Poyarekar:
>>
>>> extern void *xrealloc (void *o, size_t n)
>>> + __attribute_malloc__ __attribute_alloc_size__ ((2)) __attr_dealloc_free
>>> + __returns_nonnull;
>> Sorry, this one has again __returns_nonnull for xrealloc.
>
> The xrealloc in programs does a malloc(1) if the size requested is 0,
> so it never really returns a NULL.
So it does not free anything ever?
We should not have two different attributes for xrealloc. I suggest to
drop the attribute from the include/* version for now, until we can
clean this up.
Thanks,
Florian
On 7/28/21 4:55 PM, Florian Weimer wrote:
> So it does not free anything ever?
Specifically, it does not act as a substitute for free(); it does free
during reallocation.
> We should not have two different attributes for xrealloc. I suggest to
> drop the attribute from the include/* version for now, until we can
> clean this up.
OK. Perhaps it would make sense to consolidate the two x* functions too
later. I'll post v3.
Siddhesh
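The zero-size question raised in the thread decides whether a returns_nonnull annotation on a realloc wrapper is truthful. The following is an added sketch, not glibc's code and not part of the thread; the DEMO_/demo_ names are hypothetical, and it assumes a zero-size request is rounded up to one byte and that allocation failure terminates the process.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* DEMO_/demo_ names are hypothetical, constructed for this example.  */
#if defined __has_attribute
# if __has_attribute (__returns_nonnull__)
#  define DEMO_RETURNS_NONNULL __attribute__ ((__returns_nonnull__))
# endif
#endif
#ifndef DEMO_RETURNS_NONNULL
# define DEMO_RETURNS_NONNULL
#endif

void *demo_xrealloc (void *o, size_t n) DEMO_RETURNS_NONNULL;

void *
demo_xrealloc (void *o, size_t n)
{
  /* realloc (o, 0) may free O and return NULL; requesting one byte
     keeps the never-NULL promise true on every path.  */
  if (n == 0)
    n = 1;
  void *p = realloc (o, n);
  if (p == NULL)
    {
      fputs ("demo_xrealloc: memory exhausted\n", stderr);
      abort ();   /* Terminate rather than return NULL.  */
    }
  return p;
}

/* Returns 1 if a resize to zero bytes still yields a non-NULL pointer.
   The volatile copy forces a run-time comparison the attribute cannot fold.  */
int
demo_zero_size_is_nonnull (void)
{
  char *buf = demo_xrealloc (NULL, 16);
  strcpy (buf, "constructed");
  void *volatile p = demo_xrealloc (buf, 0);
  int ok = p != NULL;
  free (p);
  return ok;
}

int main(void)
{
  return demo_zero_size_is_nonnull () ? 0 : 1;
}
```

If the `n == 0` adjustment is removed while the attribute stays, a caller's NULL check on the result may be optimized away, so the annotation and the definition have to change together.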
@@ -23,11 +23,15 @@
/* Prototypes for a few program-wide used functions. */
extern void *xmalloc (size_t n)
- __attribute_malloc__ __attribute_alloc_size__ ((1)) __attr_dealloc_free;
+ __attribute_malloc__ __attribute_alloc_size__ ((1)) __attr_dealloc_free
+ __returns_nonnull;
extern void *xcalloc (size_t n, size_t s)
- __attribute_malloc__ __attribute_alloc_size__ ((1, 2)) __attr_dealloc_free;
+ __attribute_malloc__ __attribute_alloc_size__ ((1, 2)) __attr_dealloc_free
+ __returns_nonnull;
extern void *xrealloc (void *o, size_t n)
- __attribute_malloc__ __attribute_alloc_size__ ((2)) __attr_dealloc_free;
-extern char *xstrdup (const char *) __attribute_malloc__ __attr_dealloc_free;
+ __attribute_malloc__ __attribute_alloc_size__ ((2)) __attr_dealloc_free
+ __returns_nonnull;
+extern char *xstrdup (const char *) __attribute_malloc__ __attr_dealloc_free
+ __returns_nonnull;
#endif /* xmalloc.h */
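Review bot: the __returns_nonnull added to the xrealloc (void *o, size_t n) prototype holds only if the definition never returns NULL when n is 0, and nothing in this header states that contract. With the attribute in place the compiler may drop a caller's NULL check on the result, so a definition that frees o and returns NULL for a zero size would turn into undefined behaviour at the call site. Either leave xrealloc without __returns_nonnull in this patch, or add a comment above the prototype documenting that a zero-size request still yields a valid pointer and confirm that every definition paired with this header behaves that way. For xmalloc, xcalloc and xstrdup, a one-line comment that they terminate on allocation failure instead of returning NULL would justify the attribute for readers of the header.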
@@ -330,6 +330,16 @@
# define __nonnull(params) _GL_ATTRIBUTE_NONNULL (params)
#endif
+/* The returns_nonnull function attribute marks the return type of the function
+ as always being non-null. */
+#ifndef __returns_nonnull
+# if __GNUC_PREREQ (4, 9) || __glibc_has_attribute (__returns_nonnull__)
+# define __returns_nonnull __attribute__ ((__returns_nonnull__))
+# else
+# define __returns_nonnull
+# endif
+#endif
+
/* If fortification mode, we warn about unused results of certain
function calls which can lead to problems. */
#if __GNUC_PREREQ (3,4) || __glibc_has_attribute (__warn_unused_result__)
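Review bot: the comment above the new __returns_nonnull definition says the attribute marks the "return type" as non-null, but it is a promise about the returned value, and the comment leaves out the consequence that matters to anyone applying the macro. Suggest rewording it to say that the function never returns a null pointer on any path and that the compiler may optimize away null checks on the result, so the macro must not be applied to a function that can return NULL for some input (a zero size, for example).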