[libvirt] [PATCH 4/4] virFree: Check const correctness

Michal Privoznik mprivozn at redhat.com
Tue Jul 15 13:33:05 UTC 2014


On 15.07.2014 15:27, Martin Kletzander wrote:
> On Tue, Jul 15, 2014 at 02:38:36PM +0200, Michal Privoznik wrote:
>> Up to now it's possible to do something like this:
>>
>> const char *ptr;
>>
>> ptr = strdup("my example string");
>>
>> VIR_FREE(ptr);
>>
>> The problem is, const char * pointers should not be modified (and
>> freeing them is kind of modification). We should avoid this. A little
>> trick is used: assigning a const pointer into 'void *' triggers
>> compiler warning about discarding 'const' qualifier from pointer. So
>> the virFree() function gains new dummy argument, that is not touched
>> anyhow, just fulfills the const correctness check duty.
>>
>> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
>> ---
>> src/util/viralloc.c       |  6 ++++--
>> src/util/viralloc.h       | 20 ++++++++++++++++----
>> src/xenapi/xenapi_utils.c |  2 +-
>> 3 files changed, 21 insertions(+), 7 deletions(-)
>>
>> diff --git a/src/util/viralloc.c b/src/util/viralloc.c
>> index be9f0fe..0134e67 100644
>> --- a/src/util/viralloc.c
>> +++ b/src/util/viralloc.c
> [...]
>> @@ -569,13 +569,15 @@ int virAllocVar(void *ptrptr,
>>
>> /**
>>  * virFree:
>> + * @ptr: dummy pointer to check const correctness
>>  * @ptrptr: pointer to pointer for address of memory to be freed
>>  *
>>  * Release the chunk of memory in the pointer pointed to by
>>  * the 'ptrptr' variable. After release, 'ptrptr' will be
>>  * updated to point to NULL.
>>  */
>> -void virFree(void *ptrptr)
>> +void virFree(void *ptr ATTRIBUTE_UNUSED,
>> +             void *ptrptr)
>
> What if you don't add another argument, but just change the void
> *ptrptr to void **ptrptr.  Compiler shouldn't be mad about not knowing
> the size resulting of de-referencing ptrptr, you get the check you
> want and keep the macro without side-effects.

That won't work. Consider:

char *tmp;

VIR_FREE(tmp);

which in turn is equal to:

virFree(&tmp);

so the &tmp is type of 'char **' while virFree() would expect 'void **' 
which confuses compiler.

Michal




More information about the libvir-list mailing list