[dm- devel][PATCH] vector: return null when realloc fails in vector_alloc_slot func

[dm- devel][PATCH] vector: return null when realloc fails in vector_alloc_slot func

[Zhiqiang Liu]

In vector_alloc_slot func, if REALLOC fails, it means new slot
allocation fails. However, it just update v->allocated and then
return the old v->slot without new slot. So, the caller will take
the last old slot as the new allocated slot, and use it by calling
vector_set_slot func. Finally, the data of last slot is lost.

Here, if REALLOC or MALLOC fails, we will return NULL.

Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Signed-off-by: lixiaokeng <lixiaokeng@huawei.com>
---
 libmultipath/vector.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/libmultipath/vector.c b/libmultipath/vector.c
index 501cf4c5..29dc9848 100644
--- a/libmultipath/vector.c
+++ b/libmultipath/vector.c
@@ -49,12 +49,14 @@ vector_alloc_slot(vector v)
 	else
 		new_slot = (void *) MALLOC(sizeof (void *) * v->allocated);

-	if (!new_slot)
+	/* If REALLOC or MALLOC fails, it means new slot allocation fails, so return NULL. */
+	if (!new_slot) {
 		v->allocated -= VECTOR_DEFAULT_SIZE;
-	else
-		v->slot = new_slot;
+		return NULL;
+	}

-	return v->slot;
+	v->slot = new_slot;
+	return v->slot[VECTOR_SIZE(v) - 1];
 }

 int
-- 
2.24.0.windows.2

Re: [dm- devel][PATCH] vector: return null when realloc fails in vector_alloc_slot func

[Benjamin Marzinski]

On Fri, Jul 31, 2020 at 06:41:57PM +0800, Zhiqiang Liu wrote:
> 
> In vector_alloc_slot func, if REALLOC fails, it means new slot
> allocation fails. However, it just update v->allocated and then
> return the old v->slot without new slot. So, the caller will take
> the last old slot as the new allocated slot, and use it by calling
> vector_set_slot func. Finally, the data of last slot is lost.
>

Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com>
 
> Here, if REALLOC or MALLOC fails, we will return NULL.
> 
> Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
> Signed-off-by: lixiaokeng <lixiaokeng@huawei.com>
> ---
>  libmultipath/vector.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/libmultipath/vector.c b/libmultipath/vector.c
> index 501cf4c5..29dc9848 100644
> --- a/libmultipath/vector.c
> +++ b/libmultipath/vector.c
> @@ -49,12 +49,14 @@ vector_alloc_slot(vector v)
>  	else
>  		new_slot = (void *) MALLOC(sizeof (void *) * v->allocated);
> 
> -	if (!new_slot)
> +	/* If REALLOC or MALLOC fails, it means new slot allocation fails, so return NULL. */
> +	if (!new_slot) {
>  		v->allocated -= VECTOR_DEFAULT_SIZE;
> -	else
> -		v->slot = new_slot;
> +		return NULL;
> +	}
> 
> -	return v->slot;
> +	v->slot = new_slot;
> +	return v->slot[VECTOR_SIZE(v) - 1];
>  }
> 
>  int
> -- 
> 2.24.0.windows.2

Re: [dm- devel][PATCH] vector: return null when realloc fails in vector_alloc_slot func

[Martin Wilck]

Hello Liu,

On Fri, 2020-07-31 at 18:41 +0800, Zhiqiang Liu wrote:
> In vector_alloc_slot func, if REALLOC fails, it means new slot
> allocation fails. However, it just update v->allocated and then
> return the old v->slot without new slot. So, the caller will take
> the last old slot as the new allocated slot, and use it by calling
> vector_set_slot func. Finally, the data of last slot is lost.
> 
> Here, if REALLOC or MALLOC fails, we will return NULL.
> 
> Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
> Signed-off-by: lixiaokeng <lixiaokeng@huawei.com>
> ---
>  libmultipath/vector.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/libmultipath/vector.c b/libmultipath/vector.c
> index 501cf4c5..29dc9848 100644
> --- a/libmultipath/vector.c
> +++ b/libmultipath/vector.c
> @@ -49,12 +49,14 @@ vector_alloc_slot(vector v)
>  	else
>  		new_slot = (void *) MALLOC(sizeof (void *) * v-
> >allocated);
> 
> -	if (!new_slot)
> +	/* If REALLOC or MALLOC fails, it means new slot allocation
> fails, so return NULL. */
> +	if (!new_slot) {
>  		v->allocated -= VECTOR_DEFAULT_SIZE;
> -	else
> -		v->slot = new_slot;
> +		return NULL;
> +	}
> 
> -	return v->slot;
> +	v->slot = new_slot;
> +	return v->slot[VECTOR_SIZE(v) - 1];

This changes the semantics of the function by returning the last 
element of the vector rather than v->slot. That's dangerous because
these elements aren't initialized. You might as well return NULL in
case of success, which would obviously be wrong (actually, new elements
_should_ be initialized to NULL). As the return value is only ever used
to check for successful allocation, it might be best to change it into
a bool, avoiding any ambiguity about its meaning.

If you want to clean up this function (appreciated!), please do it
right:

 - increment v->allocated only after successful allocation,
 - avoid the "if (v->slot)" conditional by just calling realloc(),
 - make sure all newly allocated vector elements are set to NULL,
 - optionally, change return value to bool (see above).

Regards,
Martin

Re: [dm- devel][PATCH] vector: return null when realloc fails in vector_alloc_slot func

[Zhiqiang Liu]

On 2020/8/10 21:48, Martin Wilck wrote:
> Hello Liu,
> 
> On Fri, 2020-07-31 at 18:41 +0800, Zhiqiang Liu wrote:
>> In vector_alloc_slot func, if REALLOC fails, it means new slot
>> allocation fails. However, it just update v->allocated and then
>> return the old v->slot without new slot. So, the caller will take
>> the last old slot as the new allocated slot, and use it by calling
>> vector_set_slot func. Finally, the data of last slot is lost.
>>
>> Here, if REALLOC or MALLOC fails, we will return NULL.
>>
>> Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
>> Signed-off-by: lixiaokeng <lixiaokeng@huawei.com>
>> ---
>>  libmultipath/vector.c | 10 ++++++----
>>  1 file changed, 6 insertions(+), 4 deletions(-)
>>
>> diff --git a/libmultipath/vector.c b/libmultipath/vector.c
>> index 501cf4c5..29dc9848 100644
>> --- a/libmultipath/vector.c
>> +++ b/libmultipath/vector.c
>> @@ -49,12 +49,14 @@ vector_alloc_slot(vector v)
>>  	else
>>  		new_slot = (void *) MALLOC(sizeof (void *) * v-
>>> allocated);
>>
>> -	if (!new_slot)
>> +	/* If REALLOC or MALLOC fails, it means new slot allocation
>> fails, so return NULL. */
>> +	if (!new_slot) {
>>  		v->allocated -= VECTOR_DEFAULT_SIZE;
>> -	else
>> -		v->slot = new_slot;
>> +		return NULL;
>> +	}
>>
>> -	return v->slot;
>> +	v->slot = new_slot;
>> +	return v->slot[VECTOR_SIZE(v) - 1];
> 
> This changes the semantics of the function by returning the last 
> element of the vector rather than v->slot. That's dangerous because
> these elements aren't initialized. You might as well return NULL in
> case of success, which would obviously be wrong (actually, new elements
> _should_ be initialized to NULL). As the return value is only ever used
> to check for successful allocation, it might be best to change it into
> a bool, avoiding any ambiguity about its meaning.
> 
> If you want to clean up this function (appreciated!), please do it
> right:
> 
>  - increment v->allocated only after successful allocation,
>  - avoid the "if (v->slot)" conditional by just calling realloc(),
>  - make sure all newly allocated vector elements are set to NULL,
>  - optionally, change return value to bool (see above).
> 
> Regards,
> Martin
> 
Thanks for your suggestion.
I will rewrite and send the v2 patch as your suggestion.

> 
> 
> .
>