X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=HACKING;h=89a6b3ad444436732c2bae557f6e37ca5b01782a;hb=a8170e5e97ad17ca169c64ba87ae2f53850dab4c;hp=5b4ae10654185a9c0d34d97b142266feb7411334;hpb=145e21dbd06dbb4af319a019ee1281631215a94f;p=mirror_qemu.git diff --git a/HACKING b/HACKING index 5b4ae10654..89a6b3ad44 100644 --- a/HACKING +++ b/HACKING @@ -32,7 +32,7 @@ mandatory for VMState fields. Don't use Linux kernel internal types like u32, __u32 or __le32. -Use target_phys_addr_t for guest physical addresses except pcibus_t +Use hwaddr for guest physical addresses except pcibus_t for PCI addresses. In addition, ram_addr_t is a QEMU internal address space that maps guest RAM physical addresses into an intermediate address space that can map to host virtual address spaces. Generally @@ -77,11 +77,13 @@ avoided. Use of the malloc/free/realloc/calloc/valloc/memalign/posix_memalign APIs is not allowed in the QEMU codebase. Instead of these routines, -use the replacement g_malloc/g_malloc0/g_realloc/g_free or -qemu_vmalloc/qemu_memalign/qemu_vfree APIs. +use the GLib memory allocation routines g_malloc/g_malloc0/g_new/ +g_new0/g_realloc/g_free or QEMU's qemu_vmalloc/qemu_memalign/qemu_vfree +APIs. -Please note that NULL check for the qemu_malloc result is redundant and -that g_malloc() call with zero size is not allowed. +Please note that g_malloc will exit on allocation failure, so there +is no need to test for failure (as you would have to with malloc). +Calling g_malloc with a zero size is valid and will return NULL. Memory allocated by qemu_vmalloc or qemu_memalign must be freed with qemu_vfree, since breaking this will cause problems on Win32 and user @@ -89,10 +91,11 @@ emulators. 4. String manipulation -Do not use the strncpy function. According to the man page, it does -*not* guarantee a NULL-terminated buffer, which makes it extremely dangerous -to use. Instead, use functionally equivalent function: -void pstrcpy(char *buf, int buf_size, const char *str) +Do not use the strncpy function. As mentioned in the man page, it does *not* +guarantee a NULL-terminated buffer, which makes it extremely dangerous to use. +It also zeros trailing destination bytes out to the specified length. Instead, +use this similar function when possible, but note its different signature: +void pstrcpy(char *dest, int dest_buf_size, const char *src) Don't use strcat because it can't check for buffer overflows, but: char *pstrcat(char *buf, int buf_size, const char *s)