All underlying glibc calls are free to return NULL if the size argument
is 0. We most often call those functions with a fixed argument, or at least
something which obviously cannot be zero, but it's too easy to forget.
E.g. coverity complains about "rows = new0(JsonVariant*, n_rows-1);" in
format-table.c There is an assert that n_rows > 0, so we could hit this
corner case here. Let's simplify callers and make those functions "safe".
CID #
1397035.
The compiler is mostly able to optimize this away:
$ size build{,-opt}/src/shared/libsystemd-shared-239.so
(before)
text data bss dec hex filename
2643329 580940 3112
3227381 313ef5 build/src/shared/libsystemd-shared-239.so (-O0 -g)
2170013 578588 3089
2751690 29fcca build-opt/src/shared/libsystemd-shared-239.so (-03 -flto -g)
(after)
text data bss dec hex filename
2644017 580940 3112
3228069 3141a5 build/src/shared/libsystemd-shared-239.so
2170765 578588 3057
2752410 29ff9a build-opt/src/shared/libsystemd-shared-239.so
assert(l == 0 || p);
- ret = malloc(l);
+ ret = malloc(l ?: 1);
if (!ret)
return NULL;
#define new(t, n) ((t*) malloc_multiply(sizeof(t), (n)))
-#define new0(t, n) ((t*) calloc((n), sizeof(t)))
+#define new0(t, n) ((t*) calloc((n) ?: 1, sizeof(t)))
#define newa(t, n) \
({ \
if (size_multiply_overflow(size, need))
return NULL;
- return malloc(size * need);
+ return malloc(size * need ?: 1);
}
#if !HAVE_REALLOCARRAY
if (size_multiply_overflow(size, need))
return NULL;
- return realloc(p, size * need);
+ return realloc(p, size * need ?: 1);
}
#endif