On 7/26/23 02:43, Peter Maydell wrote:
> (Something went wrong with the quoting in your email. I've
> fixed it up.)
>
> On Wed, 26 Jul 2023 at 05:38, <dingli...@cmss.chinamobile.com> wrote:
>> Peter Maydell wrote:
>>> The third part here, is that g_malloc() does not ever
>>> fail -- it will abort() on out of memory. However
>>> the code here is still handling g_malloc() returning NULL.
>>> The equivalent for "we expect this might fail" (which we want
>>> here, because the guest is passing us the length of memory
>>> to try to allocate) is g_try_malloc().
>>
>> g_malloc() is preferred more than g_try_* functions, which return NULL on error,
>> when the size of the requested allocation is small.
>> This is because allocating few bytes should not be a problem in a healthy
>> system.
>
> This is true. But in this particular case we cannot be sure
> that the size of the allocation is small, because the size
> is controlled by the guest. So we want g_try_malloc().

And why do we want to use g_try_malloc instead of just sticking with malloc?
I see no reason to change anything at all here.
r~
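
The distinction discussed in this thread, as an added example that is not part of the original messages or of QEMU's code: an allocator that aborts on failure next to one that returns NULL, applied to a length the caller does not control. `alloc_or_abort()` and `alloc_try()` are stand-ins that model the g_malloc() and g_try_malloc() behaviour described above so the example builds without GLib; `handle_guest_request()` and `HDR_LEN` are hypothetical names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in with g_malloc() semantics: never returns NULL, aborts on failure. */
static void *alloc_or_abort(size_t n)
{
    void *p = malloc(n);
    if (!p) abort();
    return p;
}

/* Stand-in with g_try_malloc() semantics: returns NULL, caller must check. */
static void *alloc_try(size_t n)
{
    return malloc(n);
}

#define HDR_LEN 16 /* assumed small fixed size chosen by the host side */

/* Hypothetical handler; guest_len models a length supplied by the guest. */
int handle_guest_request(size_t guest_len)
{
    unsigned char *hdr, *payload;

    if (guest_len == 0) return -EINVAL;
    hdr = alloc_or_abort(HDR_LEN);      /* small, host-chosen size */
    payload = alloc_try(guest_len);     /* guest-chosen size: may fail */
    if (!payload) {
        free(hdr);
        return -ENOMEM;                 /* report the error, keep running */
    }
    memset(hdr, 0, HDR_LEN);
    *(volatile unsigned char *)payload = 0; /* touch it so the allocation is real */
    free(payload);
    free(hdr);
    return 0;
}

int main(void)
{
    volatile size_t huge = SIZE_MAX - 4096; /* constructed oversized length */
    printf("small: %d\n", handle_guest_request(64));
    printf("huge:  %d\n", handle_guest_request(huge));
    return 0;
}
```

Passing the oversized length to `alloc_or_abort()` instead would terminate the whole process, which is the behaviour the thread attributes to g_malloc().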