Message ID | 20241111155555.90091-6-berrange@redhat.com |
---|---|
State | New |
Headers | show |
Series | Require error handling for dynamically created objects | expand |
On Mon, Nov 11, 2024 at 03:55:52PM +0000, Daniel P. Berrangé wrote: > Since object_new() will assert(), it should only be used in scenarios > where the caller knows exactly what type it is asking to be created, > and can thus be confident in avoiding abstract types. > > Enforce this by using a macro wrapper which types to paste "" to the > type name. This will generate a compile error if not passed a static > const string, forcing callers to use object_new_dynamic() instead. > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com>
diff --git a/include/qom/object.h b/include/qom/object.h index 4fc01336c4..2d5a0d84b5 100644 --- a/include/qom/object.h +++ b/include/qom/object.h @@ -637,7 +637,17 @@ Object *object_new_with_class(ObjectClass *klass, Error **errp); * * Returns: The newly allocated and instantiated object. */ -Object *object_new(const char *typename); + +/* + * NB, object_new_internal is just an internal helper, wrapped by + * the object_new() macro which prevents invokation unless given + * a static, const string. + * + * Code should call object_new(), or object_new_dynamic(), not + * object_new_internal(). + */ +Object *object_new_internal(const char *typename); +#define object_new(typename) object_new_internal(typename "") /** * object_new_dynamic: diff --git a/qom/object.c b/qom/object.c index 2e6e6495c6..645f560ec8 100644 --- a/qom/object.c +++ b/qom/object.c @@ -799,7 +799,8 @@ Object *object_new_with_class(ObjectClass *klass, Error **errp) return object_new_with_type(klass->type, errp); } -Object *object_new(const char *typename) +/* Only to be called via the 'object_new' macro */ +Object *object_new_internal(const char *typename) { TypeImpl *ti = type_get_or_load_by_name(typename, &error_fatal);
Since object_new() will assert(), it should only be used in scenarios where the caller knows exactly what type it is asking to be created, and can thus be confident in avoiding abstract types. Enforce this by using a macro wrapper which types to paste "" to the type name. This will generate a compile error if not passed a static const string, forcing callers to use object_new_dynamic() instead. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- include/qom/object.h | 12 +++++++++++- qom/object.c | 3 ++- 2 files changed, 13 insertions(+), 2 deletions(-)