Re: [PATCH v2] util/qemu-option: Document the get_opt_value() function
From: Richard Henderson
Subject: Re: [PATCH v2] util/qemu-option: Document the get_opt_value() function
Date: Mon, 6 Jul 2020 18:14:33 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0

On 6/29/20 12:08 AM, Philippe Mathieu-Daudé wrote:
> Coverity noticed commit 950c4e6c94 introduced a dereference before
> null check in get_opt_value (CID1391003):
>
> In get_opt_value: All paths that lead to this null pointer
> comparison already dereference the pointer earlier (CWE-476)
>
> We fixed this in commit 6e3ad3f0e31, but relaxed the check in commit
> 0c2f6e7ee99 because "No callers of get_opt_value() pass in a NULL
> for the 'value' parameter".
>
> Since this function is publicly exposed, it risks new users making
> the same error again. Avoid that by documenting that the 'value'
> argument must not be NULL.

I think we should also add some use of __attribute__((nonnull(...))) to enforce
this within the compiler.

I recently did this without a qemu/compiler.h QEMU_FOO wrapper within
target/arm. But the nonnull option has optional arguments, so it might be
difficult to wrap in macros.

r~
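
Added example, not part of the original message and not QEMU code: a sketch of how a nonnull annotation with explicit parameter indices can sit behind a variadic macro. The names `EXAMPLE_NONNULL` and `example_get_value` are hypothetical, and the parser is a simplified stand-in that assumes a value ends at the first unescaped comma.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrapper, not in qemu/compiler.h: the variadic macro passes
 * the attribute's 1-based parameter indices straight through. */
#if defined(__GNUC__)
#define EXAMPLE_NONNULL(...) __attribute__((nonnull(__VA_ARGS__)))
#else
#define EXAMPLE_NONNULL(...)
#endif

/*
 * Simplified stand-in for an option-value parser (assumption, not QEMU's
 * code): copy text up to the next unescaped ',' into a new buffer stored
 * in *value (",," is a literal comma) and return a pointer to the ',' or
 * '\0' that ended the value. Neither @p nor @value may be NULL.
 */
EXAMPLE_NONNULL(1, 2)
const char *example_get_value(const char *p, char **value)
{
    char *out = malloc(strlen(p) + 1);
    size_t n = 0;

    if (!out) {
        abort();
    }
    *value = out; /* dereferenced unconditionally, as the contract allows */
    while (*p) {
        if (*p == ',') {
            if (p[1] != ',') {
                break; /* unescaped comma ends the value */
            }
            p++; /* ",," collapses to one literal ',' */
        }
        out[n++] = *p++;
    }
    out[n] = '\0';
    return p;
}

int main(void)
{
    char *v;
    const char *rest = example_get_value("a,,b,c", &v);

    printf("value=%s rest=%s\n", v, rest);
    free(v);
    /* example_get_value("x", NULL); is diagnosed by -Wnonnull at build time */
    return 0;
}
```

The attribute only catches arguments the compiler can prove are NULL, and it also lets the optimizer assume the annotated pointers are non-NULL, so a NULL check left inside the function body may be removed. It complements the documented contract rather than acting as a runtime guard.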