Re: [libvirt] PATCH: Switch all remaining code to memory alloc APIs

"Daniel P. Berrange" <berrange(a)redhat.com&gt; wrote: > This patch switches all remaining code over to use the memory allocation > APIs, with exception of virsh which is going to be slightly more complex > > It was mostly a straight conversion - there were only a few places which > weren't checking for failure corecttly - the most notable being sexpr.c.

> @@ -266,7 +264,7 @@ > memset(zeros, 0, sizeof(zeros)); > > /* XXX multiple pvs */ > - if ((vgargv = malloc(sizeof(char*) * (1))) == NULL) { > + if (VIR_ALLOC_N(vgargv, 1) < 0) { > virStorageReportError(conn, VIR_ERR_NO_MEMORY, "%s", _("command line")); That can be just if (VIR_ALLOC(vgargv) < 0) {

> @@ -172,15 +173,12 @@ > if (xenUnifiedNodeGetInfo(dom->conn, &nodeinfo) < 0) > return(NULL); > > - cpulist = calloc(nb_cpu, sizeof(*cpulist)); > - if (cpulist == NULL) > + if (VIR_ALLOC_N(cpulist, nb_cpu) < 0) > goto done; > - cpuinfo = malloc(sizeof(*cpuinfo) * nb_vcpu); > - if (cpuinfo == NULL) > + if (VIR_ALLOC_N(cpuinfo, nb_vcpu) < 0) > goto done; > cpumaplen = VIR_CPU_MAPLEN(VIR_NODEINFO_MAXCPUS(nodeinfo)); > - cpumap = (unsigned char *) calloc(nb_vcpu, cpumaplen); > - if (cpumap == NULL) > + if (VIR_ALLOC_N(cpumap, nb_vcpu * cpumaplen) < 0) > goto done; At first I thought it didn't matter that the product wasn't checked for overflow, but then I spent a couple minutes trying to find if/where nb_vcpu was guaranteed to be small enough that we don't have to worry. There may well be code to ensure that, but if so, it's too far from this point of use for my taste, so I think it's best to add an explicit overflow check here, i.e., if (xalloc_oversized(nb_vcpu, cpumaplen) || VIR_ALLOC_N(cpumap, nb_vcpu * cpumaplen) < 0) goto done;