Remove explicit malloc()-family calls from first-party code. #3143
Conversation
pullapprove
bot
requested review from
andy31415,
BroderickCarlin,
bzbarsky-apple,
chrisdecenzo,
hawk248,
jelderton,
rwalker-apple and
saurabhst
|
|
||
| tmpBuf = static_cast<char *>(malloc(dataLen + 1)); | ||
| tmpBuf = static_cast<char *>(chip::Platform::MemoryAlloc(dataLen + 1)); |
There was a problem hiding this comment.
Why is this write to a temp buffer better than the old !HAVE_MALLOC code which directly wrote it into our buffer? Especially if we fix that code to properly length-check how much space we have left...
There was a problem hiding this comment.
It isn't, but my intent is for there to be no changes in this PR beyond what's required for a straight substitution of malloc→MemoryAlloc() etc. Later PRs can try to eliminate some of those uses entirely.
| @@ -282,7 +283,7 @@ void InitNetwork() | |||
| for (size_t j = 0; j < gNetworkOptions.LocalIPv6Addr.size(); j++) | |||
| { | |||
| uint64_t iid = gNetworkOptions.LocalIPv6Addr[j].InterfaceId(); | |||
| char * tap_name = (char *) malloc(sizeof(gDefaultTapDeviceName)); | |||
| char * tap_name = (char *) chip::Platform::MemoryAlloc(sizeof(gDefaultTapDeviceName)); | |||
There was a problem hiding this comment.
Maybe while we change this, add an assert that this is not null?
| @@ -256,9 +258,9 @@ bool FaultInjectionOptions::HandleOption(const char * progName, OptionSet * optS | |||
| { | |||
| #if CHIP_CONFIG_TEST || CHIP_SYSTEM_CONFIG_TEST || INET_CONFIG_TEST | |||
| case kToolCommonOpt_FaultInjection: { | |||
| char * mutableArg = strdup(arg); | |||
| char * mutableArg = chip::Platform::MemoryAllocString(arg); | |||
There was a problem hiding this comment.
using ScopedBuffer and asserting non-null may be useful here
| if (buf == nullptr) | ||
| return CHIP_ERROR_NO_MEMORY; | ||
|
|
||
| CHIP_ERROR err = ReadData(buf, static_cast<uint32_t>(mElemLenOrVal)); | ||
| if (err != CHIP_NO_ERROR) | ||
| { | ||
| free(buf); | ||
| chip::Platform::MemoryFree(buf); |
There was a problem hiding this comment.
should we also set buf to nullptr here as well?
| if (buf == nullptr) | ||
| return CHIP_ERROR_NO_MEMORY; | ||
|
|
||
| CHIP_ERROR err = ReadData(reinterpret_cast<uint8_t *>(buf), static_cast<uint32_t>(mElemLenOrVal)); | ||
| if (err != CHIP_NO_ERROR) | ||
| { | ||
| free(buf); | ||
| chip::Platform::MemoryFree(buf); |
There was a problem hiding this comment.
I would set buf null here as well
| @@ -211,14 +212,14 @@ void TestString(nlTestSuite * inSuite, TLVReader & reader, uint64_t tag, const c | |||
| uint32_t expectedLen = strlen(expectedVal); | |||
| NL_TEST_ASSERT(inSuite, reader.GetLength() == expectedLen); | |||
|
|
|||
| char * val = static_cast<char *>(malloc(expectedLen + 1)); | |||
| char * val = static_cast<char *>(chip::Platform::MemoryAlloc(expectedLen + 1)); | |||
There was a problem hiding this comment.
I would suggest using https://github.com/project-chip/connectedhomeip/blob/master/src/lib/support/ScopedBuffer.h in here if possible, to not need to pair up alloc and free.
There was a problem hiding this comment.
I'd prefer to do a 1:1 swap in this PR and all the improvements in a separate one, to keep the history clearer.
| */ | ||
|
|
||
| #ifndef CHIP_MEM_STRING_H | ||
| #define CHIP_MEM_STRING_H |
There was a problem hiding this comment.
nit: consider #pragma once
|
|
||
| extern "C" { | ||
|
|
||
| extern int CHIPPlatformMemoryInit(void * buf, size_t bufSize) |
There was a problem hiding this comment.
Why can't this just be in CHIPMem.h and the rest hidden by ifdef __cplusplus ?
There was a problem hiding this comment.
Do you mean the declarations, or are you suggesting defining them inline in the header?
There was a problem hiding this comment.
I meant the declarations. Not sure if it's better, perhaps separate is the way to go.
There was a problem hiding this comment.
The rationale for making them separate is to avoid adding non-namespaced symbols to a common header.
|
Argh, my rebase made a mess. |
#### Problem Embedded device-side code should only use heap through CHIPMem.h. In particular it should not call malloc()-family functions. #### Summary of Changes - Replace direct calls to malloc()/calloc()/realloc()/free(). - Ensure that malloc()-family calls in non-device code are suitably guarded by #ifs. - Add a C wrapper for Platform::Memory… functions, for src/lwip/standalone/sys_arch.c and platform C. - Add a str[n]dup() equivalent, as calls are paired with free(). fixes project-chip#2807 Remove explicit use of malloc() from first-party embedded-device code fixes project-chip#3092 CHIPMem.h called from C
kpschoedel
force-pushed
the
x2899-mem-malloc
branch
from
d56dc0a to
1f74ad7
Compare
#### Problem As part of heap memory management, a recent change (project-chip#3143) replaced malloc()-family calls one-for-one with their "CHIPMem.h" equivalents, but a one-to-one replacement is not always ideal. #### Summary of Changes - Use ScopedMemoryBuffer instead where possible. - Added ScopedMemoryString, since this is a common case. - Some addition safety checks.
#### Problem As part of heap memory management, a recent change (project-chip#3143) replaced malloc()-family calls one-for-one with their "CHIPMem.h" equivalents. Reviewers proposed some related small safety changes. #### Summary of Changes - added an assert() - null out two dead pointers
#### Problem As part of heap memory management, a recent change (#3143) replaced malloc()-family calls one-for-one with their "CHIPMem.h" equivalents. Reviewers proposed some related small safety changes. #### Summary of Changes - added an assert() - null out two dead pointers
* Clean up ex-malloc() use of CHIPMem.h #### Problem As part of heap memory management, a recent change (#3143) replaced malloc()-family calls one-for-one with their "CHIPMem.h" equivalents, but a one-to-one replacement is not always ideal. #### Summary of Changes - Use ScopedMemoryBuffer instead where possible. - Added ScopedMemoryString, since this is a common case. - Some addition safety checks. * Split off safety changes. * Simplified string operations. * Move strlen to callers * Review
Problem
Embedded device-side code should only use heap through CHIPMem.h.
In particular it should not call malloc()-family functions.
Summary of Changes
guarded by #ifs.
src/lwip/standalone/sys_arch.c and platform C.
Fixes #2807 Remove explicit use of malloc() from first-party embedded-device code
Fixes #3092 CHIPMem.h called from C