Yang, Xiaowei
2008-Jan-09 04:20 UTC
[Xen-devel] [PATCH] Pointer should be checked before use
Signed-off-by: Xiaowei Yang <xiaowei.yang@intel.com> diff -r c70d47b78f65 -r 89710484b825 tools/libxc/xc_linux.c --- a/tools/libxc/xc_linux.c Tue Jan 08 02:30:24 2008 +0800 +++ b/tools/libxc/xc_linux.c Tue Jan 08 05:37:23 2008 +0800 @@ -472,7 +472,10 @@ void *xc_gnttab_map_grant_refs(int xcg_h struct ioctl_gntdev_map_grant_ref *map; void *addr = NULL; int i; - + + if ( domids == NULL || refs == NULL ) + return NULL; + map = malloc(sizeof(*map) + (count-1) * sizeof(struct ioctl_gntdev_map_grant_ref)); if ( map == NULL ) Regards, Xiaowei _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
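Review bot: the new early return for `domids == NULL || refs == NULL` hands back a bare NULL with no errno and no interface comment, so a caller cannot tell a rejected argument from whatever the `if ( map == NULL )` allocation-failure branch just below reports. If NULL arrays are meant to be an error the function reports, set `errno = EINVAL` before returning and say so in the function's documentation; if they are simply not permitted by the interface, state that instead and leave the check out. The check also stops short of `count`, which goes unvalidated into `(count-1) * sizeof(struct ioctl_gntdev_map_grant_ref)` in the malloc size, so a count of 0 still reaches the allocation. Separately, the first `-`/`+` pair only swaps one blank line for another and should be dropped from the patch.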
Keir Fraser
2008-Jan-09 08:38 UTC
Re: [Xen-devel] [PATCH] Pointer should be checked before use
Perhaps the caller should not pass NULL pointers?

 -- Keir

On 9/1/08 04:20, "Yang, Xiaowei" <xiaowei.yang@intel.com> wrote:

> Signed-off-by: Xiaowei Yang <xiaowei.yang@intel.com>
>
> diff -r c70d47b78f65 -r 89710484b825 tools/libxc/xc_linux.c > --- a/tools/libxc/xc_linux.c Tue Jan 08 02:30:24 2008 +0800 > +++ b/tools/libxc/xc_linux.c Tue Jan 08 05:37:23 2008 +0800 > @@ -472,7 +472,10 @@ void *xc_gnttab_map_grant_refs(int xcg_h > struct ioctl_gntdev_map_grant_ref *map; > void *addr = NULL; > int i; > - > + > + if ( domids == NULL || refs == NULL ) > + return NULL; > + > map = malloc(sizeof(*map) + > (count-1) * sizeof(struct > ioctl_gntdev_map_grant_ref)); > if ( map == NULL )
>
> Regards,
> Xiaowei
Ian Jackson
2008-Jan-09 10:09 UTC
Re: [Xen-devel] [PATCH] Pointer should be checked before use
Yang, Xiaowei writes ("[Xen-devel] [PATCH] Pointer should be checked before use"):

> + if ( domids == NULL || refs == NULL ) > + return NULL;

Callers should not pass null pointers. If they do it is better for the program to explode sooner than later; that makes tracking the fault much easier.

So this kind of check, turning incoming null pointers into error returns, is a bad idea.

Ian.
Yang, Xiaowei
2008-Jan-09 14:37 UTC
RE: [Xen-devel] [PATCH] Pointer should be checked before use
> Callers should not pass null pointers. If they do it is better for
> the program to explode sooner than later; that makes tracking the
> fault much easier.
>
> So this kind of check, turning incoming null pointers into error
> returns, is a bad idea.
>

That may be better for debug tracking to let the caller process segfault:). However, IMO as a function it's almost always a good practice to check the parameters' validation before using it. Returning an error if the caller passes invalid arguments is a more normal behavior than directly letting the process be killed due to no argument check. It may be too strict.

Regards,
Xiaowei
Ian Jackson
2008-Jan-09 15:26 UTC
RE: [Xen-devel] [PATCH] Pointer should be checked before use
Yang, Xiaowei writes ("RE: [Xen-devel] [PATCH] Pointer should be checked before use"):

> That may be better for debug tracking to let the caller process
> segfault:). However, IMO as a function it's almost always a good
> practice to check the parameters' validation before using it. Returning
> an error if the caller passes invalid arguments is a more normal
> behavior than directly letting the process be killed due to no argument
> check. It may be too strict.

I disagree most strongly.

In C, anyone calling a function must conform to its interface to avoid programs crashing (or even doing worse things).

Turning null pointers on input, where they are not permitted, to null pointers on output or to error codes, just postpones the problem - after all the caller is probably expecting a null pointer back. So the program is going to crash or malfunction anyway.

Even disregarding the fact that debugging the problem is much easier if the crash happens right away, it is far better to kill it sooner before it does any damage.

(Typically people who write code which checks for error returns also avoid passing bogus arguments in the first place.)

Ian.
Samuel Thibault
2008-Jan-09 15:36 UTC
Re: [Xen-devel] [PATCH] Pointer should be checked before use
Ian Jackson, on Wed 09 Jan 2008 15:26:04 +0000, wrote:

> (Typically people who write code which checks for error returns also
> avoid passing bogus arguments in the first place.)

And typically people who pass bogus arguments don't bother checking for errors that functions may return :)

Samuel