diff mbox

[2/2] qom: Make object_initialize and object_initialize_with_type check size

Message ID 1377265136-8559-3-git-send-email-peter.maydell@linaro.org
State Rejected
Headers show

Commit Message

Peter Maydell Aug. 23, 2013, 1:38 p.m. UTC
Replace object_initialize and object_initialize_with_type with macro
wrappers which pass the size of the type pointed at by their data
argument, so that we can assert that there is enough memory passed
in to instantiate the object.

We add _unchecked variants of each function for the special cases
where the check is not desired, and change the handful of callsites
that require the _unchecked variant.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/core/qdev.c       |    2 +-
 include/qom/object.h |   36 ++++++++++++++++++++++++++++++++++--
 qom/object.c         |    9 +++++----
 3 files changed, 40 insertions(+), 7 deletions(-)
diff mbox

Patch

diff --git a/hw/core/qdev.c b/hw/core/qdev.c
index 758de9f..89e4aa9 100644
--- a/hw/core/qdev.c
+++ b/hw/core/qdev.c
@@ -473,7 +473,7 @@  static void bus_unparent(Object *obj)
 void qbus_create_inplace(void *bus, const char *typename,
                          DeviceState *parent, const char *name)
 {
-    object_initialize(bus, typename);
+    object_initialize_unchecked(bus, typename);
     qbus_realize(bus, parent, name);
 }
 
diff --git a/include/qom/object.h b/include/qom/object.h
index 9b69065..0b451c5 100644
--- a/include/qom/object.h
+++ b/include/qom/object.h
@@ -591,8 +591,24 @@  Object *object_new_with_type(Type type);
  * This function will initialize an object.  The memory for the object should
  * have already been allocated.  The returned object has a reference count of 1,
  * and will be finalized when the last reference is dropped.
+ * The obj pointer should be a pointer to a type whose size is sufficient
+ * for the object; this will be checked.
  */
-void object_initialize_with_type(void *data, Type type);
+#define object_initialize_with_type(PTR, TYPE) \
+    do_object_initialize_with_type(PTR, TYPE, sizeof(*(PTR)))
+
+/**
+ * object_initialize_with_type_unchecked:
+ * @obj: A pointer to the memory to be used for the object.
+ * @type: The type of the object to instantiate.
+ *
+ * Variant of object_initialize_with_type which does not check that the
+ * type which obj is a pointer to has enough space for the object.
+ */
+#define object_initialize_with_type_unchecked(PTR, TYPE) \
+    do_object_initialize_with_type(PTR, TYPE, 0)
+
+void do_object_initialize_with_type(void *data, Type type, size_t datasize);
 
 /**
  * object_initialize:
@@ -602,8 +618,24 @@  void object_initialize_with_type(void *data, Type type);
  * This function will initialize an object.  The memory for the object should
  * have already been allocated.  The returned object has a reference count of 1,
  * and will be finalized when the last reference is dropped.
+ * The obj pointer should be a pointer to a type whose size is sufficient
+ * for the object; this will be checked.
  */
-void object_initialize(void *obj, const char *typename);
+#define object_initialize(PTR, TYPE) \
+    do_object_initialize(PTR, TYPE, sizeof(*(PTR)))
+
+/**
+ * object_initialize_unchecked:
+ * @obj: A pointer to the memory to be used for the object.
+ * @typename: The name of the type of the object to instantiate.
+ *
+ * Variant of object_initialize which does not check that the
+ * type which obj is a pointer to has enough space for the object.
+ */
+#define object_initialize_unchecked(PTR, TYPE) \
+    do_object_initialize(PTR, TYPE, 0)
+
+void do_object_initialize(void *obj, const char *typename, size_t datasize);
 
 /**
  * object_dynamic_cast:
diff --git a/qom/object.c b/qom/object.c
index 74fd241..46f0685 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -311,7 +311,7 @@  static void object_post_init_with_type(Object *obj, TypeImpl *ti)
     }
 }
 
-void object_initialize_with_type(void *data, TypeImpl *type)
+void do_object_initialize_with_type(void *data, TypeImpl *type, size_t datasize)
 {
     Object *obj = data;
 
@@ -320,6 +320,7 @@  void object_initialize_with_type(void *data, TypeImpl *type)
 
     g_assert(type->instance_size >= sizeof(Object));
     g_assert(type->abstract == false);
+    g_assert(datasize == 0 || datasize >= type->instance_size);
 
     memset(obj, 0, type->instance_size);
     obj->class = type->class;
@@ -329,11 +330,11 @@  void object_initialize_with_type(void *data, TypeImpl *type)
     object_post_init_with_type(obj, type);
 }
 
-void object_initialize(void *data, const char *typename)
+void do_object_initialize(void *data, const char *typename, size_t datasize)
 {
     TypeImpl *type = type_get_by_name(typename);
 
-    object_initialize_with_type(data, type);
+    do_object_initialize_with_type(data, type, datasize);
 }
 
 static inline bool object_property_is_child(ObjectProperty *prop)
@@ -424,7 +425,7 @@  Object *object_new_with_type(Type type)
     type_initialize(type);
 
     obj = g_malloc(type->instance_size);
-    object_initialize_with_type(obj, type);
+    object_initialize_with_type_unchecked(obj, type);
     obj->free = g_free;
 
     return obj;