
[v2] xmalloc: Fix warnings with gcc analyzer

Message ID 20210728103345.4065595-1-siddhesh@sourceware.org
State New

Commit Message

Siddhesh Poyarekar July 28, 2021, 10:33 a.m. UTC
Tell the compiler that the xmalloc family of allocators always returns
non-NULL.
---
 include/programs/xmalloc.h | 12 ++++++++----
 misc/sys/cdefs.h           | 10 ++++++++++
 2 files changed, 18 insertions(+), 4 deletions(-)

Comments

Florian Weimer July 28, 2021, 11:14 a.m. UTC | #1
* Siddhesh Poyarekar:

>  extern void *xrealloc (void *o, size_t n)
> +  __attribute_malloc__ __attribute_alloc_size__ ((2)) __attr_dealloc_free
> +  __returns_nonnull;

Sorry, this one has again __returns_nonnull for xrealloc.

Florian
Siddhesh Poyarekar July 28, 2021, 11:23 a.m. UTC | #2
On 7/28/21 4:44 PM, Florian Weimer via Libc-alpha wrote:
> * Siddhesh Poyarekar:
> 
>>   extern void *xrealloc (void *o, size_t n)
>> +  __attribute_malloc__ __attribute_alloc_size__ ((2)) __attr_dealloc_free
>> +  __returns_nonnull;
> 
> Sorry, this one has again __returns_nonnull for xrealloc.

The xrealloc in programs does a malloc(1) if the size requested is 0, so 
it never really returns a NULL.

Siddhesh
Florian Weimer July 28, 2021, 11:25 a.m. UTC | #3
* Siddhesh Poyarekar:

> On 7/28/21 4:44 PM, Florian Weimer via Libc-alpha wrote:
>> * Siddhesh Poyarekar:
>> 
>>>   extern void *xrealloc (void *o, size_t n)
>>> +  __attribute_malloc__ __attribute_alloc_size__ ((2)) __attr_dealloc_free
>>> +  __returns_nonnull;
>> Sorry, this one has again __returns_nonnull for xrealloc.
>
> The xrealloc in programs does a malloc(1) if the size requested is 0,
> so it never really returns a NULL.

So it does not free anything ever?

We should not have two different attributes for xrealloc.  I suggest to
drop the attribute from the include/* version for now, until we can
clean this up.

Thanks,
Florian
Siddhesh Poyarekar July 28, 2021, 11:27 a.m. UTC | #4
On 7/28/21 4:55 PM, Florian Weimer wrote:
> So it does not free anything ever?

Specifically, it does not act as a substitute for free(); it does free 
during reallocation.

> We should not have two different attributes for xrealloc.  I suggest to
> drop the attribute from the include/* version for now, until we can
> clean this up.

OK.  Perhaps it would make sense to consolidate the two x* functions too 
later.  I'll post v3.

Siddhesh

Patch

diff --git a/include/programs/xmalloc.h b/include/programs/xmalloc.h
index 33871e22ef..574fb41254 100644
--- a/include/programs/xmalloc.h
+++ b/include/programs/xmalloc.h
@@ -23,11 +23,15 @@ 
 
 /* Prototypes for a few program-wide used functions.  */
 extern void *xmalloc (size_t n)
-  __attribute_malloc__ __attribute_alloc_size__ ((1)) __attr_dealloc_free;
+  __attribute_malloc__ __attribute_alloc_size__ ((1)) __attr_dealloc_free
+  __returns_nonnull;
 extern void *xcalloc (size_t n, size_t s)
-  __attribute_malloc__ __attribute_alloc_size__ ((1, 2)) __attr_dealloc_free;
+  __attribute_malloc__ __attribute_alloc_size__ ((1, 2)) __attr_dealloc_free
+  __returns_nonnull;
 extern void *xrealloc (void *o, size_t n)
-  __attribute_malloc__ __attribute_alloc_size__ ((2)) __attr_dealloc_free;
-extern char *xstrdup (const char *) __attribute_malloc__ __attr_dealloc_free;
+  __attribute_malloc__ __attribute_alloc_size__ ((2)) __attr_dealloc_free
+  __returns_nonnull;
+extern char *xstrdup (const char *) __attribute_malloc__ __attr_dealloc_free
+  __returns_nonnull;
 
 #endif /* xmalloc.h */
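Review bot: The prototypes for xmalloc, xcalloc and xstrdup now carry `__returns_nonnull`, but nothing in the header states the contract that makes the attribute true, and the definitions are not part of this patch. The compiler may optimize callers on that promise, so a later `if (p == NULL)` on the result can be dropped; every failure path in those functions therefore has to terminate rather than return, which for xcalloc would include an overflowing `n * s`, and that is worth confirming against the definitions. I would extend the comment above the prototypes to `/* Prototypes for a few program-wide used functions.  None of these return NULL; they do not return at all if the allocation fails.  */` so that any future implementation is held to it.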
diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
index 30a621ab8f..e490fc1aeb 100644
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -330,6 +330,16 @@ 
 # define __nonnull(params) _GL_ATTRIBUTE_NONNULL (params)
 #endif
 
+/* The returns_nonnull function attribute marks the return type of the function
+   as always being non-null.  */
+#ifndef __returns_nonnull
+# if __GNUC_PREREQ (4, 9) || __glibc_has_attribute (__returns_nonnull__)
+# define __returns_nonnull __attribute__ ((__returns_nonnull__))
+# else
+# define __returns_nonnull
+# endif
+#endif
+
 /* If fortification mode, we warn about unused results of certain
    function calls which can lead to problems.  */
 #if __GNUC_PREREQ (3,4) || __glibc_has_attribute (__warn_unused_result__)
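Review bot: The comment added above `__returns_nonnull` says the attribute marks the return type, but it is a promise about the returned value that the compiler optimizes on, and this comment is the only place a user of the macro learns when it is safe to apply. I would word it as `/* The returns_nonnull function attribute promises that the function never returns a null pointer; the compiler may remove null checks on the result, so use it only where that holds on every path.  */`. As a style point, the two `# define` lines are nested inside `# if` and would normally get one more space, `#  define __returns_nonnull __attribute__ ((__returns_nonnull__))`, following the one-space-per-level indentation seen on the `# define __nonnull(params)` context line.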