Xen devel - Aug 2013 - [PATCH] Add missing return value checks

The return value of vasprintf must be checked. This check is enforced
with the compiler options used in Debian by request and in Ubuntu by
default.

Check the return value and abort on error.

Signed-off-by: Bastian Blank <waldi@debian.org>

diff --git a/tools/tests/mce-test/tools/xen-mceinj.c
b/tools/tests/mce-test/tools/xen-mceinj.c
index e3e62f7..21a488b 100644
--- a/tools/tests/mce-test/tools/xen-mceinj.c
+++ b/tools/tests/mce-test/tools/xen-mceinj.c
@@ -92,7 +92,8 @@ static void Lprintf(const char *fmt, ...)
     va_list args;
 
     va_start(args, fmt);
-    vasprintf(&buf, fmt, args);
+    if (vasprintf(&buf, fmt, args) < 0)
+        abort();
     fprintf(LOGFILE, "%s", buf);
     va_end(args);
     free(buf);
@@ -104,7 +105,8 @@ static void err(xc_interface *xc_handle, const char *fmt,
...)
     va_list args;
 
     va_start(args, fmt);
-    vasprintf(&buf, fmt, args);
+    if (vasprintf(&buf, fmt, args) < 0)
+        abort();
     perror(buf);
     va_end(args);
     free(buf);
-- 
Emotions are alien to me.  I''m a scientist.
		-- Spock, "This Side of Paradise", stardate 3417.3

>>> On 11.08.13 at 22:10, Bastian Blank <bastian@waldi.eu.org>
wrote:
> The return value of vasprintf must be checked. This check is enforced
> with the compiler options used in Debian by request and in Ubuntu by
> default.
The function is not declared with __attribute__((warn_unused_result)),
so what''s the deal here? Are you saying that the compiler options are
such that _any_ unused return value would be complained about? I
doubt that, as I''d expect a lot more instances of such throughout the
tree. Hence - what''s going on here?

Jan
> Check the return value and abort on error.
> 
> Signed-off-by: Bastian Blank <waldi@debian.org>
> 
> diff --git a/tools/tests/mce-test/tools/xen-mceinj.c 
> b/tools/tests/mce-test/tools/xen-mceinj.c
> index e3e62f7..21a488b 100644
> --- a/tools/tests/mce-test/tools/xen-mceinj.c
> +++ b/tools/tests/mce-test/tools/xen-mceinj.c
> @@ -92,7 +92,8 @@ static void Lprintf(const char *fmt, ...)
>      va_list args;
>  
>      va_start(args, fmt);
> -    vasprintf(&buf, fmt, args);
> +    if (vasprintf(&buf, fmt, args) < 0)
> +        abort();
>      fprintf(LOGFILE, "%s", buf);
>      va_end(args);
>      free(buf);
> @@ -104,7 +105,8 @@ static void err(xc_interface *xc_handle, const char
*fmt,
> ...)
>      va_list args;
>  
>      va_start(args, fmt);
> -    vasprintf(&buf, fmt, args);
> +    if (vasprintf(&buf, fmt, args) < 0)
> +        abort();
>      perror(buf);
>      va_end(args);
>      free(buf);
> -- 
> Emotions are alien to me.  I''m a scientist.
> 		-- Spock, "This Side of Paradise", stardate 3417.3
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org 
> http://lists.xen.org/xen-devel

On Mon, Aug 12, 2013 at 09:24:59AM +0100, Jan Beulich
wrote:
> >>> On 11.08.13 at 22:10, Bastian Blank
<bastian@waldi.eu.org> wrote:
> > The return value of vasprintf must be checked. This check is enforced
> > with the compiler options used in Debian by request and in Ubuntu by
> > default.
> The function is not declared with __attribute__((warn_unused_result)),
Depending on the compiler setup it is and has been this way since a long time:

| #define __attribute_warn_unused_result__ __attribute__
((__warn_unused_result__))
| #if __USE_FORTIFY_LEVEL > 0
| # define __wur __attribute_warn_unused_result__
| #endif
| extern int vasprintf (char **__restrict __ptr, const char *__restrict __f,
|                       _G_va_list __arg)
|      __THROWNL __attribute__ ((__format__ (__printf__, 2, 0))) __wur;

Bastian

-- 
There''s another way to survive.  Mutual trust -- and help.
		-- Kirk, "Day of the Dove", stardate unknown

>>> On 12.08.13 at 14:41, Bastian Blank <bastian@waldi.eu.org>
wrote:
> On Mon, Aug 12, 2013 at 09:24:59AM +0100, Jan Beulich wrote:
>> >>> On 11.08.13 at 22:10, Bastian Blank
<bastian@waldi.eu.org> wrote:
>> > The return value of vasprintf must be checked. This check is
enforced
>> > with the compiler options used in Debian by request and in Ubuntu
by
>> > default.
>> The function is not declared with __attribute__((warn_unused_result)),
> 
> Depending on the compiler setup it is and has been this way since a long 
> time:
> 
> | #define __attribute_warn_unused_result__ __attribute__ 
> ((__warn_unused_result__))
> | #if __USE_FORTIFY_LEVEL > 0
> | # define __wur __attribute_warn_unused_result__
> | #endif
> | extern int vasprintf (char **__restrict __ptr, const char *__restrict
__f,
> |                       _G_va_list __arg)
> |      __THROWNL __attribute__ ((__format__ (__printf__, 2, 0))) __wur;
Oh, I''m sorry, I grepped for in tools/, found

int vasprintf(char **buffer, const char *fmt, va_list ap);

in libxl, and concluded there''s no attribute. Looking more closely,
this is only a backup declaration...

So yes, your patch is fine:

Reviewed-by: Jan Beulich <jbeulich@suse.com>

Jan

Bastian Blank writes ("[PATCH] Add missing return value
checks"):
> The return value of vasprintf must be checked. This check is enforced
> with the compiler options used in Debian by request and in Ubuntu by
> default.
> 
> Check the return value and abort on error.
> 
> Signed-off-by: Bastian Blank <waldi@debian.org>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

Bastian Blank writes ("[PATCH] Add missing return value
checks"):
> The return value of vasprintf must be checked. This check is enforced
> with the compiler options used in Debian by request and in Ubuntu by
> default.
I have backported this to 4.3 and 4.2.

Ian.