On 6/29/20 12:08 AM, Philippe Mathieu-Daudé wrote:
> Coverity noticed commit 950c4e6c94 introduced a dereference before
> null check in get_opt_value (CID1391003):
>
> In get_opt_value: All paths that lead to this null pointer
> comparison already dereference the pointer earlier (CWE-476)
>
> We fixed this in commit 6e3ad3f0e31, but relaxed the check in commit
> 0c2f6e7ee99 because "No callers of get_opt_value() pass in a NULL
> for the 'value' parameter".
>
> Since this function is publicly exposed, it risks new users making
> the same error again. Avoid that by documenting that the 'value'
> argument must not be NULL.
I think we should also add some use of __attribute__((nonnull(...))) to enforce this within the compiler. I recently did this without a qemu/compiler.h QEMU_FOO wrapper within target/arm.

But the nonnull option has optional arguments, so it might be difficult to wrap in macros.

r~
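An added example, not code from this thread or from QEMU: a hypothetical opt_value_copy() with the 'value' contract from the quoted message, annotated through a hypothetical variadic OPT_NONNULL() wrapper that forwards nonnull()'s optional argument positions. The ",," escape is an assumption modelled on QEMU-style option strings.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrapper (not QEMU's): variadic, so the optional argument
 * positions of nonnull() pass straight through to the attribute. */
#if defined(__GNUC__) || defined(__clang__)
#define OPT_NONNULL(...) __attribute__((nonnull(__VA_ARGS__)))
#else
#define OPT_NONNULL(...)
#endif

/* Hypothetical scanner for a QEMU-style option value, assumed to end at the
 * first single ',' with ",," meaning a literal comma. @p and @value must not
 * be NULL: the attribute turns a literal NULL at a call site into a compile
 * time diagnostic (-Wnonnull) rather than a runtime check reached only after
 * the dereference. Returns the next option or the terminating NUL. */
const char *opt_value_copy(const char *p, char **value) OPT_NONNULL(1, 2);

const char *opt_value_copy(const char *p, char **value)
{
    char *out = malloc(strlen(p) + 1);  /* output never longer than input */
    size_t n = 0;
    if (!out) {
        *value = NULL;
        return NULL;
    }
    for (; *p; p++) {
        if (*p == ',') {
            if (p[1] != ',') {
                p++;                    /* consume the separator */
                break;
            }
            p++;                        /* ",," -> one literal ',' */
        }
        out[n++] = *p;
    }
    out[n] = '\0';
    *value = out;                       /* caller frees */
    return p;
}

/* Self-check: 1 if @input yields @want_value and leaves @want_rest. */
int opt_value_check(const char *input, const char *want_value, const char *want_rest)
{
    char *v = NULL;
    const char *rest = opt_value_copy(input, &v);
    int ok = rest && v && !strcmp(v, want_value) && !strcmp(rest, want_rest);
    free(v);
    return ok;
}
```

Because nonnull also lets the optimizer assume the annotated pointers are non-null, an `if (!value)` guard inside the function may be compiled away, so the annotation replaces a runtime check rather than supplementing it.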