Use the macro like this to create temporary variables which are
automatically cleaned up when the scope is exited:
{
CLEANUP_FREE char *foo = safe_strdup (bar);
...
// no need to call free (foo)!
}
The following code is also valid. The initialization of foo as 'NULL'
prevents any chance of free being called on an uninitialized pointer.
It may not be required in all cases.
{
CLEANUP_FREE char *foo = NULL;
...
foo = safe_malloc (100);
...
// no need to call free (foo)!
}
This is also valid:
{
CLEANUP_FREE char *foo = ..., *bar = ...;
...
// no need to call free (foo) or free (bar)!
}
The CLEANUP_FREE_STRING_LIST macro calls guestfs___free_string_list
on its argument. The argument may be NULL.
The CLEANUP_HASH_FREE macro calls hash_free on its argument. The
argument may be NULL.
Important implementation note:
------------------------------
On GCC and LLVM, this is implemented using __attribute__((cleanup(...))).
There is no known way to implement this macro on other C compilers, so
this construct will cause a resource leak.
Important note about close/fclose:
----------------------------------
We did NOT implement 'CLEANUP_CLOSE' or 'CLEANUP_FCLOSE' macros. The
reason is that I am not convinced that these can be used safely. It
would be OK to use these to collect file handles along failure paths,
but you would still want a regular call to 'close'/'fclose' since you
must test for errors, and so you end up having to do:
if (close (fd) == -1) {
// failure case
// avoid double-close in cleanup handler:
fd = -1;
...
}
// avoid double-close in cleanup handler:
fd = -1;
...
This is just code motion, but it allows us to read this flag inside
the 'construct_libvirt_xml_seclabel' function in future (as a possible
way to fix RHBZ#890291).
When debugging is enabled, this produces output like below. This is
useful when diagnosing what URI libguestfs is using.
libguestfs: opening libvirt handle: URI = NULL, auth = virConnectAuthPtrDefault, flags = 0
libguestfs: successfully opened libvirt handle: conn = 0xb05580
guestfs_last_errno (g) == 0 doesn't mean "no error". It means the
errno was not captured. In this case we have to substitute some sort
of errno, so choose EINVAL arbitrarily.
The reasons to do this are twofold:
(a) It's probably a tiny bit faster.
(b) It lets us capture the real errno if the link(2) syscall fails.
The errno is also passed through guestmount, fixing RHBZ#895905:
+ guestmount -a test1.img -m /dev/sda1:/ -m /dev/sda2:/boot /tmp/mnt
+ touch /tmp/mnt/foo
+ cd /tmp/mnt
+ ln foo boot/foo
ln: failed to create hard link ‘boot/foo’ => ‘foo’: Invalid cross-device link
cp will fail if /etc/lvm is an empty directory. Copy the entire
directory and adjust environment variable.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
RWMJ:
- Fixed a couple of whitespace issues.
Using // coverity[...] or /* coverity[...] */ comments in the source
it is possible to suppress specific Coverity errors. The suppressed
error should occur in the line following the comment.
In this case I have suppressed two false positives from Coverity:
(a) We deliberately assign to a NULL pointer in order to cause a
segfault, for testing how the library reacts when this happens.
Coverity flags this, but it is not an error in this case.
(b) Coverity does not model global variables (a known shortcoming).
Therefore the code 'errno = posix_memalign (...)' cannot be modelled
by Coverity, even though the code is correct. Coverity raises a false
positive about this.
(Thanks Kamil Dudka, Coverity)
