[libvirt] [PATCH 05/11] util: use glib string allocation/formatting functions

Daniel P. Berrangé berrange at redhat.com
Fri Oct 4 14:18:22 UTC 2019 

On Mon, Sep 30, 2019 at 01:35:36PM +0200, Pavel Hrdina wrote:
> On Fri, Sep 27, 2019 at 06:17:27PM +0100, Daniel P. Berrangé wrote:
> > Convert the string duplication APIs to use the g_strdup family of APIs.
> > 
> > Annoyingly our virVasprintf/virAsprintf functions return the character
> > count, even though 90% of our usage doesn't need it. To retain compat
> > with these semantics we have a call to strlen which costs CPU time.
> > 
> > We previously used the 'strdup-posix' gnulib module because mingw does
> > not set errno to ENOMEM on failure
> > 
> > We previously used the 'strndup' gnulib module because this function
> > does not exist on mingw.
> > 
> > We previously used the 'vasprintf' gnulib module because of many GNU
> > supported format specifiers not working on non-Linux platforms. glib's
> > own equivalent standardizes on GNU format specifiers too.
> > 
> > Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
> > ---
> >  bootstrap.conf       |  3 ---
> >  src/util/virstring.c | 19 +++++++------------
> >  2 files changed, 7 insertions(+), 15 deletions(-)
> > 
> > diff --git a/bootstrap.conf b/bootstrap.conf
> > index 549d18c6d4..b6b75f9301 100644
> > --- a/bootstrap.conf
> > +++ b/bootstrap.conf
> > @@ -100,8 +100,6 @@ stat-time
> >  stdarg
> >  stpcpy
> >  strchrnul
> > -strdup-posix
> > -strndup
> >  strerror
> >  strerror_r-posix
> >  strptime
> > @@ -117,7 +115,6 @@ uname
> >  unsetenv
> >  useless-if-before-free
> >  usleep
> > -vasprintf
> >  verify
> >  vc-list-files
> >  vsnprintf
> > diff --git a/src/util/virstring.c b/src/util/virstring.c
> > index a4cc7e9c0a..c8c888b2a0 100644
> > --- a/src/util/virstring.c
> > +++ b/src/util/virstring.c
> > @@ -730,12 +730,9 @@ virVasprintfInternal(char **strp,
> >                       const char *fmt,
> >                       va_list list)
> >  {
> > -    int ret;
> > +    *strp = g_strdup_vprintf(fmt, list);
> >  
> > -    if ((ret = vasprintf(strp, fmt, list)) == -1)
> > -        abort();
> > -
> > -    return ret;
> > +    return strlen(*strp);
> 
> This will cause a SEGFAULT if strp is NULL as g_strdup_vprintf doesn't
> abort on failure.

I spent a long time investigating this....

g_strdup_vprintf calls g_vasprintf() which in turn has 3 impls.

2 out of the 3 impls will abort on OOM, but one won't. The one
we use on Linux is the one that won't abort.

No application code that I can find ever checks the return value
of g_strdup_vprintf or the output string of g_vasprintf.

I eventually found a bug indicating the lack of abort on OOM is
indeed considered a mistake:

  https://gitlab.gnome.org/GNOME/glib/issues/1622

I've thus sent a patch to force an abort on OOM:

  https://gitlab.gnome.org/GNOME/glib/merge_requests/1145

Thus I think from libvirt's POV we can assume this aborts on OOM,
since every single other application using this does the same.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

More information about the libvir-list mailing list