[PATCH v2 1/2] xfuncs: return NULL from xstrdup_wchar(NULL)

[PATCH v2 1/2] xfuncs: return NULL from xstrdup_wchar(NULL)

[Ahmad Fatoum]

From: Ahmad Fatoum <ahmad@a3f.at>

strdup_wchar, strdup_char_to_wchar and xstrdup_wchar_to_char all return
NULL when passed a NULL pointer. It's thus misleading for the xfunc
version of them to trigger an enomem_panic in that case.

Fix this by passing along the NULL pointer unchanged.
xstrdup() already behaves exactly this way.

Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>
---
v1 -> v2:
  - new patch
---
 lib/xfuncs.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/lib/xfuncs.c b/lib/xfuncs.c
index ac67bf4f5584..d4beecddf5aa 100644
--- a/lib/xfuncs.c
+++ b/lib/xfuncs.c
@@ -146,8 +146,12 @@ EXPORT_SYMBOL(xasprintf);
 
 wchar_t *xstrdup_wchar(const wchar_t *s)
 {
-	wchar_t *p = strdup_wchar(s);
+	wchar_t *p;
 
+	if (!s)
+		return NULL;
+
+	p = strdup_wchar(s);
 	if (!p)
 		enomem_panic((wcslen(s) + 1) * sizeof(wchar_t));
 
@@ -157,8 +161,12 @@ EXPORT_SYMBOL(xstrdup_wchar);
 
 wchar_t *xstrdup_char_to_wchar(const char *s)
 {
-	wchar_t *p = strdup_char_to_wchar(s);
+	wchar_t *p;
 
+	if (!s)
+		return NULL;
+
+	p = strdup_char_to_wchar(s);
 	if (!p)
 		enomem_panic((strlen(s) + 1) * sizeof(wchar_t));
 
@@ -168,8 +176,12 @@ EXPORT_SYMBOL(xstrdup_char_to_wchar);
 
 char *xstrdup_wchar_to_char(const wchar_t *s)
 {
-	char *p = strdup_wchar_to_char(s);
+	char *p;
 
+	if (!s)
+		return NULL;
+
+	p = strdup_wchar_to_char(s);
 	if (!p)
 		enomem_panic((wcslen(s) + 1) * sizeof(wchar_t));
 
-- 
2.39.2

[PATCH v2 2/2] include: xfuncs: employ compiler attributes to aid GCC warnings

[Ahmad Fatoum]

From: Ahmad Fatoum <ahmad@a3f.at>

We already use __alloc_size and __realloc_size in <malloc.h>, so GCC can
warn about some types of memory safety issues at build-time.

Let's have the same for xfuncs.h as well and additionally specify
__returns_nonnull, so the compiler could provide better diagnostics.

Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>
---
v1 -> v2:
  - spell attribute the same in __has_attribute and __attribute__
  - drop __returns_nonnull from strdup style functions that return
    NULL if the argument is NULL
---
 include/linux/compiler_types.h   |  9 +++++++++
 include/xfuncs.h                 | 17 +++++++++--------
 scripts/include/linux/compiler.h |  9 +++++++++
 3 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h
index d925b3da296d..a713459f6e47 100644
--- a/include/linux/compiler_types.h
+++ b/include/linux/compiler_types.h
@@ -157,6 +157,12 @@ struct ftrace_likely_data {
 # define __no_stack_protector
 #endif
 
+#if __has_attribute(__returns_nonnull__)
+#define __returns_nonnull		__attribute__((__returns_nonnull__))
+#else
+#define __returns_nonnull
+#endif
+
 #endif /* __KERNEL__ */
 
 #endif /* __ASSEMBLY__ */
@@ -212,6 +218,9 @@ struct ftrace_likely_data {
 # define __realloc_size(x, ...)
 #endif
 
+# define __xalloc_size(args...)		__returns_nonnull __alloc_size(args)
+# define __xrealloc_size(args...)	__returns_nonnull __realloc_size(args)
+
 /* Are two types/vars the same type (ignoring qualifiers)? */
 #define __same_type(a, b) __builtin_types_compatible_p(typeof(a), typeof(b))
 
diff --git a/include/xfuncs.h b/include/xfuncs.h
index a9132d378722..60ec220bd9b8 100644
--- a/include/xfuncs.h
+++ b/include/xfuncs.h
@@ -3,18 +3,19 @@
 #define __XFUNCS_H
 
 #include <linux/types.h>
+#include <linux/compiler.h>
 #include <stdarg.h>
 #include <wchar.h>
 
-void *xmalloc(size_t size);
-void *xrealloc(void *ptr, size_t size);
-void *xzalloc(size_t size);
+void *xmalloc(size_t size) __xalloc_size(1);
+void *xrealloc(void *ptr, size_t size) __xrealloc_size(2);
+void *xzalloc(size_t size) __xalloc_size(1);
 char *xstrdup(const char *s);
-char *xstrndup(const char *s, size_t size);
-void* xmemalign(size_t alignment, size_t bytes);
-void* xmemdup(const void *orig, size_t size);
-char *xasprintf(const char *fmt, ...) __attribute__ ((format(__printf__, 1, 2)));
-char *xvasprintf(const char *fmt, va_list ap);
+char *xstrndup(const char *s, size_t size) __returns_nonnull;
+void* xmemalign(size_t alignment, size_t bytes) __xalloc_size(2);
+void* xmemdup(const void *orig, size_t size) __returns_nonnull;
+char *xasprintf(const char *fmt, ...) __attribute__ ((format(__printf__, 1, 2))) __returns_nonnull;
+char *xvasprintf(const char *fmt, va_list ap) __returns_nonnull;
 
 wchar_t *xstrdup_wchar(const wchar_t *src);
 wchar_t *xstrdup_char_to_wchar(const char *src);
diff --git a/scripts/include/linux/compiler.h b/scripts/include/linux/compiler.h
index fa7208a32d76..780ccec21a3c 100644
--- a/scripts/include/linux/compiler.h
+++ b/scripts/include/linux/compiler.h
@@ -39,6 +39,15 @@
 # define unlikely(x)		__builtin_expect(!!(x), 0)
 #endif
 
+#ifndef __returns_nonnull
+# define __returns_nonnull
+#endif
+
+# define __alloc_size(x, ...)
+# define __realloc_size(x, ...)
+# define __xalloc_size(args...)		__returns_nonnull __alloc_size(args)
+# define __xrealloc_size(args...)	__returns_nonnull __realloc_size(args)
+
 #define ACCESS_ONCE(x) (*(volatile typeof(x) *)&(x))
 
 #include <linux/types.h>
-- 
2.39.2

Re: [PATCH v2 1/2] xfuncs: return NULL from xstrdup_wchar(NULL)

[Sascha Hauer]

On Wed, 17 Jul 2024 09:28:42 +0200, Ahmad Fatoum wrote:
> strdup_wchar, strdup_char_to_wchar and xstrdup_wchar_to_char all return
> NULL when passed a NULL pointer. It's thus misleading for the xfunc
> version of them to trigger an enomem_panic in that case.
> 
> Fix this by passing along the NULL pointer unchanged.
> xstrdup() already behaves exactly this way.
> 
> [...]

Applied, thanks!

[1/2] xfuncs: return NULL from xstrdup_wchar(NULL)
      https://git.pengutronix.de/cgit/barebox/commit/?id=4cb8c6cd241b (link may not be stable)
[2/2] include: xfuncs: employ compiler attributes to aid GCC warnings
      https://git.pengutronix.de/cgit/barebox/commit/?id=86f784ae4e68 (link may not be stable)

Best regards,
-- 
Sascha Hauer <s.hauer@pengutronix.de>