Hi

On Wed, Mar 28, 2018 at 4:11 PM, Paolo Bonzini <[email protected]> wrote:
> On 28/03/2018 15:55, Eric Blake wrote:
>> On 03/28/2018 08:48 AM, Marc-André Lureau wrote:
>>
>>>>> +#define QOBJECT(x) \
>>>>> + container_of(&(x)->base, QObject, base)
>>>>
>>>>
>>>> If I understand correctly, this still causes clang complaints when
>>>> called as
>>>> QOBJECT(NULL). As long as we are touching this, should we improve this
>>>> macro to be friendly to NULL conversion?
>>>
>>> I don't see much need for allowing NULL (literally) to be passed to
>>> QOBJECT(). If it's a null pointer, as long as it has the right type,
>>> it should be fine, shouldn't it?
>>
>> Not with clang ubsan (okay, the failure is at runtime, not compile time):
>>
>> https://lists.gnu.org/archive/html/qemu-devel/2018-03/msg05143.html
>> https://lists.gnu.org/archive/html/qemu-devel/2018-03/msg05148.html
>>
>> Even when the offset is 0, the mere fact that you are computing an
>> offset relative to a NULL pointer is undefined behavior.
>
> Are there cases where we are passing NULL to qobject_{inc,dec}ref? They
> currently have an "if" in their body, but my opinion is they ought to
> crash and burn...
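Review bot: the quoted QOBJECT(x) hunk forms &(x)->base before container_of() subtracts the member offset, so with a null x the null-relative pointer arithmetic that ubsan reports happens even though base sits at offset 0; if NULL conversion is meant to be supported, guard the expression (for example `((x) ? container_of(&(x)->base, QObject, base) : NULL)`), otherwise document that callers must pass a non-NULL pointer.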
I find it convenient that unref() accepts NULL, just like free(). However, I agree that ref() should crash if given a NULL pointer. While at it, I'd also prefer ref() to return a pointer to the same object...
