David Sarrazin
07/06/2009 4:24 PM
post33218
|
> -----Original Message-----
> From: Aleksandar Ristovski [mailto:community-noreply@qnx.com]
> Sent: July 6, 2009 4:15 PM
> To: ostech-core_os
> Subject: Re: alloca
>
> Mario Charest wrote:
> >
> >> -----Original Message-----
> >> From: Aleksandar Ristovski [mailto:community-noreply@qnx.com]
> >> Sent: July-06-09 3:10 PM
> >> To: ostech-core_os
> >> Subject: Re: alloca
> >>
> >> Any thoughts?
> >>
> >> Aleksandar Ristovski wrote:
> >>> Hello,
> >>>
> >>> Current definition of alloca creates problems in code like this:
> >>>
> >>> char *str = strcpy (alloca (strlen (command_str) + 1),
> >> command_str);
> >>> Compiler generates error:
> >>>
> >>> error: null argument where non-null required (argument 1)
> >
> >
> > Wouldn't it be the definition of strcpy? Alloca could
> return NULL and
> > strcpy will crash if the argument is null. Seems to me like
> the error
> > is deserved. This code is broken, the return value of
> alloca should
> > be checked,
>
> malloc can return NULL too, yet there will be no warnings here:
>
> char *str = strcpy (malloc (strlen (command_str) + 1), command_str);
>
> gcc doesn't really know if a function can return NULL or not,
> but it can 'see' if a value may get explicit NULL which is
> happening in our alloca case:
>
> #define alloca(s) \
> ((void*)(((__ALLOCA_ALIGN(s)+128)<__stackavail())?_alloca(s):NULL))
>
> So my question is still:
>
> >>> Why did we define alloca the way we did?
Since alloca() can determine ahead of time if the allocation will work
or not, it's better to define it so that the compiler will complain.
That way broken code can be fixed.
> >>>
> >>> If there is no particular reason, then would something like this
> >> patch
> >>> (attached) make sense?
I never saw the patch proposal, it doesn't look like it was attached.
|
|
|