build: prohibit raw malloc and free

Our HACKING discourages use of malloc and free, for at least
a couple of years now.  But we weren't enforcing it, until now :)

For now, I've exempted python and tests, and will clean those up
in subsequent patches.  Examples should be permanently exempt,
since anyone copying our examples won't have use of our
internal-only memory.h via libvirt_util.la.

* cfg.mk (sc_prohibit_raw_allocation): New rule.
(exclude_file_name_regexp--sc_prohibit_raw_allocation): and
exemptions.
* src/cpu/cpu.c (cpuDataFree): Avoid false positive.
* src/conf/network_conf.c (virNetworkDNSSrvDefParseXML): Fix
offenders.
* src/libxl/libxl_conf.c (libxlMakeDomBuildInfo, libxlMakeVfb)
(libxlMakeDeviceModelInfo): Likewise.
* src/rpc/virnetmessage.c (virNetMessageSaveError): Likewise.
* tools/virsh.c (_vshMalloc, _vshCalloc): Likewise.

cfg.mk

@@ -316,6 +316,12 @@ sc_prohibit_internal_functions:
 	halt='use VIR_ macros instead of internal functions'		\
 	  $(_sc_search_regexp)
 
+# Avoid raw malloc and free, except in documentation comments.
+sc_prohibit_raw_allocation:
+	@prohibit='^.[^*].*\<((m|c|re)alloc|free) *\([^)]'		\
+	halt='use VIR_ macros from memory.h instead of malloc/free'	\
+	  $(_sc_search_regexp)
+
 # Avoid functions that can lead to double-close bugs.
 sc_prohibit_close:
 	@prohibit='([^>.]|^)\<[fp]?close *\('				\
@@ -737,6 +743,9 @@ exclude_file_name_regexp--sc_prohibit_newline_at_end_of_diagnostic = \
 exclude_file_name_regexp--sc_prohibit_nonreentrant = \
   ^((po|tests)/|docs/.*py$$|tools/(virsh|console)\.c$$)
 
+exclude_file_name_regexp--sc_prohibit_raw_allocation = \
+  ^(src/util/memory\.[ch]|(examples|python|tests)/.*)$$
+
 exclude_file_name_regexp--sc_prohibit_readlink = ^src/util/util\.c$$
 
 exclude_file_name_regexp--sc_prohibit_setuid = ^src/util/util\.c$$

src/conf/network_conf.c

@@ -592,7 +592,7 @@ virNetworkDNSSrvDefParseXML(virNetworkDNSDefPtr def,
         virAsprintf(&name, _("Service name is too long, limit is %d bytes"), DNS_RECORD_LENGTH_SRV);
         virNetworkReportError(VIR_ERR_XML_DETAIL,
                               "%s", name);
-        free(name);
+        VIR_FREE(name);
         goto error;
     }
 

src/cpu/cpu.c

@@ -1,7 +1,7 @@
 /*
  * cpu.c: internal functions for CPU manipulation
  *
- * Copyright (C) 2009-2011 Red Hat, Inc.
+ * Copyright (C) 2009-2012 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -220,7 +220,7 @@ cpuDataFree(const char *arch,
         return;
     }
 
-    driver->free(data);
+    (driver->free)(data);
 }
 
 

src/libxl/libxl_conf.c

@@ -1,6 +1,7 @@
 /*---------------------------------------------------------------------------*/
-/*  Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
- *  Copyright (C) 2011 Univention GmbH.
+/* Copyright (C) 2012 Red Hat, Inc.
+ * Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+ * Copyright (C) 2011 Univention GmbH.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -466,7 +467,7 @@ libxlMakeDomBuildInfo(virDomainDefPtr def, libxl_domain_config *d_config)
         }
         if (def->os.kernel) {
             /* libxl_init_build_info() sets kernel.path = strdup("hvmloader") */
-            free(b_info->kernel.path);
+            VIR_FREE(b_info->kernel.path);
             if ((b_info->kernel.path = strdup(def->os.kernel)) == NULL) {
                 virReportOOMError();
                 goto error;
@@ -707,7 +708,7 @@ libxlMakeVfb(libxlDriverPrivatePtr driver, virDomainDefPtr def,
             listenAddr = virDomainGraphicsListenGetAddress(l_vfb, 0);
             if (listenAddr) {
                 /* libxl_device_vfb_init() does strdup("127.0.0.1") */
-                free(x_vfb->vnclisten);
+                VIR_FREE(x_vfb->vnclisten);
                 if ((x_vfb->vnclisten = strdup(listenAddr)) == NULL) {
                     virReportOOMError();
                     return -1;
@@ -827,7 +828,7 @@ libxlMakeDeviceModelInfo(virDomainDefPtr def, libxl_domain_config *d_config)
         /* HVM-specific device model info */
         dm_info->type = XENFV;
         if (def->os.nBootDevs > 0) {
-            free(dm_info->boot);
+            VIR_FREE(dm_info->boot);
             for (i = 0; i < def->os.nBootDevs; i++) {
                 switch (def->os.bootDevs[i]) {
                     case VIR_DOMAIN_BOOT_FLOPPY:
@@ -866,7 +867,7 @@ libxlMakeDeviceModelInfo(virDomainDefPtr def, libxl_domain_config *d_config)
             /* driver handles selection of free port */
             dm_info->vncunused = 0;
             if (d_config->vfbs[0].vnclisten) {
-                free(dm_info->vnclisten);
+                VIR_FREE(dm_info->vnclisten);
                 if ((dm_info->vnclisten =
                      strdup(d_config->vfbs[0].vnclisten)) == NULL) {
                     virReportOOMError();

src/rpc/virnetmessage.c

@@ -1,7 +1,7 @@
 /*
  * virnetmessage.c: basic RPC message encoding/decoding
  *
- * Copyright (C) 2010-2011 Red Hat, Inc.
+ * Copyright (C) 2010-2012 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -466,26 +466,27 @@ void virNetMessageSaveError(virNetMessageErrorPtr rerr)
     if (rerr->code != VIR_ERR_OK)
         return;
 
+    memset(rerr, 0, sizeof(*rerr));
     virErrorPtr verr = virGetLastError();
     if (verr) {
         rerr->code = verr->code;
         rerr->domain = verr->domain;
-        rerr->message = verr->message ? malloc(sizeof(char*)) : NULL;
-        if (rerr->message) *rerr->message = strdup(verr->message);
+        if (verr->message && VIR_ALLOC(rerr->message) == 0)
+            *rerr->message = strdup(verr->message);
         rerr->level = verr->level;
-        rerr->str1 = verr->str1 ? malloc(sizeof(char*)) : NULL;
-        if (rerr->str1) *rerr->str1 = strdup(verr->str1);
-        rerr->str2 = verr->str2 ? malloc(sizeof(char*)) : NULL;
-        if (rerr->str2) *rerr->str2 = strdup(verr->str2);
-        rerr->str3 = verr->str3 ? malloc(sizeof(char*)) : NULL;
-        if (rerr->str3) *rerr->str3 = strdup(verr->str3);
+        if (verr->str1 && VIR_ALLOC(rerr->str1) == 0)
+            *rerr->str1 = strdup(verr->str1);
+        if (verr->str2 && VIR_ALLOC(rerr->str2) == 0)
+            *rerr->str2 = strdup(verr->str2);
+        if (verr->str3 && VIR_ALLOC(rerr->str3) == 0)
+            *rerr->str3 = strdup(verr->str3);
         rerr->int1 = verr->int1;
         rerr->int2 = verr->int2;
     } else {
         rerr->code = VIR_ERR_INTERNAL_ERROR;
         rerr->domain = VIR_FROM_RPC;
-        rerr->message = malloc(sizeof(char*));
-        if (rerr->message) *rerr->message = strdup(_("Library function returned error but did not set virError"));
+        if (VIR_ALLOC(rerr->message) == 0)
+            *rerr->message = strdup(_("Library function returned error but did not set virError"));
         rerr->level = VIR_ERR_ERROR;
     }
 }

tools/virsh.c

@@ -436,9 +436,9 @@ static int parseRateStr(const char *rateStr, virNetDevBandwidthRatePtr rate);
 static void *
 _vshMalloc(vshControl *ctl, size_t size, const char *filename, int line)
 {
-    void *x;
+    char *x;
 
-    if ((x = malloc(size)))
+    if (VIR_ALLOC_N(x, size) == 0)
         return x;
     vshError(ctl, _("%s: %d: failed to allocate %d bytes"),
              filename, line, (int) size);
@@ -448,9 +448,10 @@ _vshMalloc(vshControl *ctl, size_t size, const char *filename, int line)
 static void *
 _vshCalloc(vshControl *ctl, size_t nmemb, size_t size, const char *filename, int line)
 {
-    void *x;
+    char *x;
 
-    if ((x = calloc(nmemb, size)))
+    if (!xalloc_oversized(nmemb, size) &&
+        VIR_ALLOC_N(x, nmemb * size) == 0)
         return x;
     vshError(ctl, _("%s: %d: failed to allocate %d bytes"),
              filename, line, (int) (size*nmemb));