In-Reply-To: <20180525182139.GE99063@spindle.one-eyed-alien.net>
References: <201805250207.w4P275Pf060725@repo.freebsd.org> <20180525151134.GB99063@spindle.one-eyed-alien.net> <20180525174424.GD99063@spindle.one-eyed-alien.net> <20180525182139.GE99063@spindle.one-eyed-alien.net>
From: Marcelo Araujo
Date: Sat, 26 May 2018 02:29:53 +0800
Subject: Re: svn commit: r334199 - head/usr.sbin/bhyve
To: Brooks Davis
Cc: Eitan Adler, src-committers, svn-src-all@freebsd.org, svn-src-head@freebsd.org

2018-05-26 2:21 GMT+08:00 Brooks Davis:
> On Sat, May 26, 2018 at 01:56:28AM +0800, Marcelo Araujo wrote:
> > 2018-05-26 1:44 GMT+08:00 Brooks Davis:
> >
> > > On Sat, May 26, 2018 at 01:21:33AM +0800, Marcelo Araujo wrote:
> > > > On Sat, May 26, 2018, 1:11 AM Eitan Adler wrote:
> > > > >
> > > > > On 25 May 2018 at 08:23, Marcelo Araujo wrote:
> > > > > >
> > > > > > On Fri, May 25, 2018, 11:11 PM Brooks Davis wrote:
> > > > > >>
> > > > > >> On Fri, May 25, 2018 at 02:07:05AM +0000, Marcelo Araujo wrote:
> > > > > >> > Author: araujo
> > > > > >> > Date: Fri May 25 02:07:05 2018
> > > > > >> > New Revision: 334199
> > > > > >> > URL: https://svnweb.freebsd.org/changeset/base/334199
> > > > > >> >
> > > > > >> > Log:
> > > > > >> >   Fix a memory leak on topology_parse().
> > > > > >> >
> > > > > >> >   strdup(3) allocates memory for a copy of the string, does the copy and
> > > > > >> >   returns a pointer to it. If there is insufficient memory, NULL is returned
> > > > > >> >   and the global errno is set to ENOMEM.
> > > > > >> >   We do a sanity check to see if it was possible to allocate enough memory.
> > > > > >> >
> > > > > >> >   Also, as we allocate memory, we need to free this memory once used.
> > > > > >> >   Otherwise, when the pointer goes out of scope, the storage it points to leaks.
> > > > > >> >
> > > > > >> >   Reviewed by:	rgrimes
> > > > > >> >   MFC after:	3 weeks.
> > > > > >> >   X-MFC:		r332298
> > > > > >> >   Sponsored by:	iXsystems Inc.
> > > > > >> >   Differential Revision:	https://reviews.freebsd.org/D15550
> > > > > >> >
> > > > > >> > Modified:
> > > > > >> >   head/usr.sbin/bhyve/bhyverun.c
> > > > > >> >
> > > > > >> > Modified: head/usr.sbin/bhyve/bhyverun.c
> > > > > >> > ==============================================================================
> > > > > >> > --- head/usr.sbin/bhyve/bhyverun.c	Fri May 25 01:38:59 2018	(r334198)
> > > > > >> > +++ head/usr.sbin/bhyve/bhyverun.c	Fri May 25 02:07:05 2018	(r334199)
> > > > > >> > @@ -193,6 +193,7 @@ topology_parse(const char *opt)
> > > > > >> > c = 1, n = 1, s = 1, t = 1;
> > > > > >> > ns = false, scts = false;
> > > > > >> > str = strdup(opt);
> > > > > >> > + assert(str != NULL);
> > > > > >>
> > > > > >> Using assert seems like an odd choice when you've already added a
> > > > > >> failure path and the strsep will crash immediately if assert is elided.
> > > > > >
> > > > > > Just to make a better point, I had the same discussion about assert(3) in
> > > > > > another review; we don't do NDEBUG even for RELEASE.
> > > > >
> > > > > IMHO we only use assert for asserting things that ought to never be false
> > > > > except in buggy code. Using assert for handling is poor practice.
> > > >
> > > > Again, in this case we are using it all over the place and we must replace
> > > > it. Also we should document it somewhere, perhaps in assert(3),
> > > > otherwise myself and others will keep using it. If you use find, not only
> > > > myself is using it to check strdup! So what is the suggestion to handle
> > > > assert(3)? Deprecate it?
> > >
> > > Code that uses assert() in place of error handling is wrong and should
> > > be fixed. assert(condition) means that condition must never happen,
> > > and if it does a bug has occurred (or the programmer's assumptions are
> > > wrong). In this case failure would not be due to a bug, but due to
> > > resource exhaustion, which is expected to be handled.
> >
> > I agree with you! We have plenty of places that use strdup(3) without checking
> > the errno ENOMEM return; so do you think it would be better to bypass an errno
> > ENOMEM without checking it and have a crash, or better to abort(3) using
> > assert(3) in case we have no memory available to allocate the memory for a
> > copy of a string?
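Review bot: the `+ assert(str != NULL);` added after `str = strdup(opt);` is not an error path. With NDEBUG defined the assert compiles to nothing and the strsep() that follows dereferences NULL on allocation failure; without NDEBUG the process aborts on a condition (ENOMEM, which the log itself says strdup sets) that is resource exhaustion rather than a bug. Replace it with an explicit check that either returns failure to the caller or reports and exits, for example `if (str == NULL) err(1, "strdup");`, and if assert() is to stay, guard the file with `#ifdef NDEBUG` / `#error`. The log also says the duplicated string is now freed, but the quoted hunk shows only the assert, so the free() path cannot be reviewed here.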
>
> The correct code here would be one of:
>
> 	str = strdup(opt);
> 	if (str == NULL)
> 		goto out;
>
> 	str = strdup(opt);
> 	if (str == NULL)
> 		err(1, "unable to allocate option memory");
>

One more thing, exit with err(1) is wrong, 1 is EPERM and should be 12 ENOMEM! :D

> > Personally I don't mind making a couple of extra lines of code to call abort(3) or
> > exit(3), but until then, if we don't make RELEASE using NDEBUG, what you
> > guys are saying to me is more personal preference than anything else.
>
> The fact that we don't do NDEBUG builds normally does not allow us to
> ignore that it exists. It's perfectly reasonable for a user to build
> with CFLAGS+=NDEBUG. That needs to work. If code is going to fail to
> handle resource errors with NDEBUG set then it needs something like this
> at the top of the file:
>
> #ifdef NDEBUG
> #error The code depends on assert() for error handling
> #endif
>
> -- Brooks

-- 
Marcelo Araujo            (__)araujo@FreeBSD.org
                       \\\'',)http://www.FreeBSD.org
                         \/  \ ^   Power To Server.
                         .\. /_)
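As an added example that is not part of this thread and not bhyve's code: a small topology-string parser in the shape of topology_parse(), written to show the handling Brooks describes. The strdup(3) failure is checked with real code that survives -DNDEBUG and is returned to the caller with errno left at ENOMEM, and the duplicated string is freed on every exit path, which is the leak the commit log is about. The struct, the function names, the "sockets=N,cores=N,threads=N" syntax and the topo_strdup() hook used to simulate ENOMEM are assumptions for the illustration; the hook and the splitter stand in for strdup(3) and strsep(3) so the block is plain C99.

```c
/*
 * Added example, not bhyve's code: a topology_parse()-style parser that
 * handles strdup(3) failure explicitly instead of with assert(3), and
 * frees the duplicated string on every exit path.
 *
 * Assumptions for the illustration: struct topology, the
 * "sockets=N,cores=N,threads=N" syntax, and the topo_strdup() hook that
 * lets a test drive the ENOMEM path without exhausting memory.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

struct topology {
	int sockets, cores, threads;
};

/* Set by parse_with_oom() so the next duplicate fails like a real ENOMEM. */
static bool fail_next_strdup = false;

/* strdup(3) equivalent (malloc+memcpy) with an injectable failure. */
static char *
topo_strdup(const char *s)
{
	size_t len = strlen(s) + 1;
	char *copy;

	if (fail_next_strdup) {
		fail_next_strdup = false;
		errno = ENOMEM;		/* what strdup(3) sets when malloc fails */
		return (NULL);
	}
	copy = malloc(len);
	if (copy != NULL)
		memcpy(copy, s, len);
	return (copy);
}

/* Same contract as strsep(3) with a single delimiter, in plain C99. */
static char *
next_field(char **stringp, char delim)
{
	char *start = *stringp, *p;

	if (start == NULL)
		return (NULL);
	p = strchr(start, delim);
	if (p != NULL)
		*p++ = '\0';
	*stringp = p;
	return (start);
}

/* Parse "key=<positive int>" strictly: no trailing junk, range 1..1024. */
static bool
parse_kv(const char *field, const char *key, int *out)
{
	size_t klen = strlen(key);
	char *end;
	long v;

	if (strncmp(field, key, klen) != 0)
		return (false);
	errno = 0;
	v = strtol(field + klen, &end, 10);
	if (errno != 0 || end == field + klen || *end != '\0' || v < 1 || v > 1024)
		return (false);
	*out = (int)v;
	return (true);
}

/*
 * Returns 0 on success, -1 on failure with errno set: ENOMEM if the
 * duplicate could not be allocated, EINVAL for a malformed field.
 * The NULL check is ordinary code, so it is still there under -DNDEBUG.
 */
static int
topology_parse_checked(const char *opt, struct topology *t)
{
	char *str, *field, *tofree;
	int rc = -1, saved;

	t->sockets = t->cores = t->threads = 1;

	str = topo_strdup(opt);
	if (str == NULL)
		return (-1);		/* errno is already ENOMEM; nothing to free */
	tofree = str;			/* next_field() advances str; free the original */

	while ((field = next_field(&str, ',')) != NULL) {
		if (*field == '\0')
			continue;
		if (!parse_kv(field, "sockets=", &t->sockets) &&
		    !parse_kv(field, "cores=", &t->cores) &&
		    !parse_kv(field, "threads=", &t->threads)) {
			errno = EINVAL;
			goto out;
		}
	}
	rc = 0;
out:
	saved = errno;			/* free() must not clobber the reported errno */
	free(tofree);			/* freed on success and on EINVAL alike */
	errno = saved;
	return (rc);
}

/* Drive the ENOMEM path for a caller or test without exhausting memory. */
static int
parse_with_oom(const char *opt, struct topology *t)
{
	fail_next_strdup = true;
	return (topology_parse_checked(opt, t));
}
```

Returning -1 with errno set leaves the policy to the caller: a command-line tool can call err(3), whose first argument is the process exit status and whose message gets strerror(errno) appended, while a library-style caller can fall back or propagate. Either way the behaviour is identical with and without NDEBUG, which is the property an assert() cannot give.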