alloc() never returns Null

Mark alloc()--also dupstr() and re_alloc()--for gcc and clang as
always returning non-Null.  This should silence some of the static
analysis complaints.

Almost all the monster and object naming functions (anything that
returns an mbuf or an obuf) should be marked this way too but I'll
leave that for somebody else to deal with.

I didn't attempt to mark alloc() with the 'malloc' attribute because
macro definitions could end up causing trouble.  Specifying its
deallocator would probably be useful but is at even bigger risk of
macro interference.

I'm not sure whether gcc 3 is really the right test for whether the
returns_nonnull attribute setting is available.
This commit is contained in:
PatR
2022-09-24 04:39:12 -07:00
parent ef093d0b30
commit 4885653014
4 changed files with 17 additions and 12 deletions

@@ -19,7 +19,7 @@ extern int FITSint_(LUA_INTEGER, const char *, int);
#define FITSuint(x) FITSuint_(x, __func__, (int) __LINE__)
extern unsigned FITSuint_(unsigned long long, const char *, int);
char *fmt_ptr(const genericptr);
char *fmt_ptr(const genericptr) NONNULL;
#ifdef MONITOR_HEAP
#undef alloc
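Review bot: fmt_ptr() picks up NONNULL in this hunk, but the commit message only names alloc(), dupstr() and re_alloc(), so please mention it there and confirm that every return path of fmt_ptr() yields a non-null pointer. With returns_nonnull the compiler may drop null checks in callers, so a wrong annotation turns a handled failure into undefined behavior. The trailing position after the parameter list is fine on a prototype like this one; gcc does not accept an attribute in that position on a function definition, so keep NONNULL on declarations only.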
@@ -32,8 +32,8 @@ static FILE *heaplog = 0;
static boolean tried_heaplog = FALSE;
#endif
long *alloc(unsigned int);
long *re_alloc(long *, unsigned int);
long *alloc(unsigned int) NONNULL;
long *re_alloc(long *, unsigned int) NONNULL;
extern void panic(const char *, ...);
long *
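Review bot: for re_alloc(), the NONNULL promise holds only if the body panics on every failure path, and the body is not part of this hunk. If it wraps realloc(), a zero-size request is the case to check, since realloc() may return a null pointer there without it being an out-of-memory condition. On the guard the commit message is unsure about: returns_nonnull was introduced in gcc 4.9, so a gcc 3 test would enable NONNULL on compilers that do not know the attribute; test for 4.9 or later, or use __has_attribute where the compiler provides it.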
@@ -221,7 +221,8 @@ char *
dupstr_n(const char *string, unsigned int *lenout)
{
size_t len = strlen(string);
if(len >= LARGEST_INT)
if (len >= LARGEST_INT)
panic("string too long");
*lenout = (unsigned int) len;
return strcpy((char *) alloc(len + 1), string);
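Review bot: the only change to dupstr_n() is the `if (` spacing, which is unrelated to the attribute work and would be easier to review as a separate cleanup commit. Since dupstr_n() returns the result of strcpy() into an alloc() buffer, it qualifies for NONNULL too; if its prototype is not already marked alongside dupstr(), add it so callers of both get the same treatment from the analyzers.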