qapi: Document that input visitor semantics are prone to leaks
Most functions that can return a pointer or set an Error ** value are decent enough to guarantee a NULL return when reporting an error. Not so with our generated qapi visitor functions. If the caller is not careful to clean up partially-allocated objects on error, then the caller suffers a memory leak. Properly fixing it is probably complex enough to save for a later day, so merely document it for now. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1438295587-19069-1-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
This commit is contained in:
parent
999387782f
commit
2f52e20597
@ -115,6 +115,10 @@ out:
|
||||
|
||||
|
||||
def generate_visit_struct_body(name):
|
||||
# FIXME: if *obj is NULL on entry, and visit_start_struct() assigns to
|
||||
# *obj, but then visit_type_FOO_fields() fails, we should clean up *obj
|
||||
# rather than leaving it non-NULL. As currently written, the caller must
|
||||
# call qapi_free_FOO() to avoid a memory leak of the partial FOO.
|
||||
ret = mcgen('''
|
||||
Error *err = NULL;
|
||||
|
||||
|
@ -636,6 +636,8 @@ static void test_visitor_in_errors(TestInputVisitorData *data,
|
||||
|
||||
visit_type_TestStruct(v, &p, NULL, &err);
|
||||
g_assert(err);
|
||||
/* FIXME - a failed parse should not leave a partially-allocated p
|
||||
* for us to clean up; this could cause callers to leak memory. */
|
||||
g_assert(p->string == NULL);
|
||||
|
||||
error_free(err);
|
||||
|
Loading…
Reference in New Issue
Block a user