Coverity noticed commit 950c4e6c94 introduced a dereference before null check in get_opt_value (CID1391003):
In get_opt_value: All paths that lead to this null pointer comparison already dereference the pointer earlier (CWE-476) We fixed this in commit 6e3ad3f0e31, but relaxed the check in commit 0c2f6e7ee99 because "No callers of get_opt_value() pass in a NULL for the 'value' parameter". Since this function is publicly exposed, it risks new users to do the same error again. Avoid that documenting the 'value' argument must not be NULL. Signed-off-by: Philippe Mathieu-Daudé <[email protected]> --- include/qemu/option.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/include/qemu/option.h b/include/qemu/option.h index 844587cab3..141d6a883d 100644 --- a/include/qemu/option.h +++ b/include/qemu/option.h @@ -28,6 +28,18 @@ #include "qemu/queue.h" +/** + * get_opt_value + * @p: a pointer to the option name, delimited by commas + * @value: a non-NULL pointer that will received the delimited options + * + * The @value char pointer will be allocated and filled with + * the delimited options. + * It is an error to pass a non-NULL @value parameter. + * + * Returns the position of the comma delimiter/zero byte after the + * option name in @p. + */ const char *get_opt_value(const char *p, char **value); void parse_option_size(const char *name, const char *value, -- 2.20.1
