qemu-devel.nongnu.org archive mirror
From: "Philippe Mathieu-Daudé" <philmd@redhat.com>
To: "Markus Armbruster" <armbru@redhat.com>,
	"Daniel P. Berrangé" <berrange@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	qemu-devel@nongnu.org, Eduardo Habkost <ehabkost@redhat.com>
Subject: Re: [PATCH-for-5.2 1/5] hw/core/qdev-properties: Simplify get_reserved_region()
Date: Thu, 16 Jul 2020 10:38:12 +0200
Message-ID: <699828e5-83bd-1dfa-904a-8d38a0178e63@redhat.com>
In-Reply-To: <87o8ofrhgl.fsf@dusky.pond.sub.org>

On 7/16/20 10:29 AM, Markus Armbruster wrote:
> Philippe Mathieu-Daudé <philmd@redhat.com> writes:
> 
>> Use the safer g_strdup_printf() over snprintf() + abort().
>>
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>> ---
>>  hw/core/qdev-properties.c | 9 +++------
>>  1 file changed, 3 insertions(+), 6 deletions(-)
>>
>> diff --git a/hw/core/qdev-properties.c b/hw/core/qdev-properties.c
>> index 098298c78e..d5f5aa150b 100644
>> --- a/hw/core/qdev-properties.c
>> +++ b/hw/core/qdev-properties.c
>> @@ -581,13 +581,10 @@ static void get_reserved_region(Object *obj, Visitor *v, const char *name,
>>      DeviceState *dev = DEVICE(obj);
>>      Property *prop = opaque;
>>      ReservedRegion *rr = qdev_get_prop_ptr(dev, prop);
>> -    char buffer[64];
>> -    char *p = buffer;
>> -    int rc;
>> +    g_autofree char *p;
>>  
>> -    rc = snprintf(buffer, sizeof(buffer), "0x%"PRIx64":0x%"PRIx64":%u",
>> -                  rr->low, rr->high, rr->type);
>> -    assert(rc < sizeof(buffer));
>> +    p = g_strdup_printf("0x%"PRIx64":0x%"PRIx64":%u",
>> +                        rr->low, rr->high, rr->type);
>>  
>>      visit_type_str(v, name, &p, errp);
>>  }
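
Review bot: the new declaration `g_autofree char *p;` has no initializer and is only assigned by the g_strdup_printf() call a few lines further down. GLib's documentation asks that g_autofree variables always be initialized, because any return path later added between the declaration and the assignment would pass an indeterminate pointer to g_free() at scope exit. Suggest folding the two into `g_autofree char *p = g_strdup_printf(...)` at the declaration, or at least initializing with `= NULL`.
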
> 
> I don't buy "safer" (the old code is already safe).

I'm suspicious when I find an assert/abort in code reachable by
the management interface, as IIUC we don't want to crash the process.
I agree this shouldn't happen and if it happens we are screwed
anyway.

> I could buy
> "simpler".
> 
> It's also less efficient, but that shouldn't matter in a property
> getter.

If we want more efficient code, we should replace all the
g_strdup_printf() calls by snprintf() + assert() in the places
where we don't expect failure. This seems counterproductive from
a maintenance PoV. At some point we should make a decision and
not allow more than 3 similar APIs at a time. We have been
recommended to use GLib instead of snprintf() because it is "safer".
Can we be consistent with recommendations? Else we should stop
recommending to use GLib and friends.

Thanks,

Phil.


