diff options
author | Blue Swirl <blauwirbel@gmail.com> | 2010-09-10 18:53:05 +0000 |
---|---|---|
committer | Blue Swirl <blauwirbel@gmail.com> | 2010-09-10 18:53:05 +0000 |
commit | d241f143c95861f46f7b75de96a8a3276517a14f (patch) | |
tree | e29aea6de50b4ac7f3cdc34433312e6f93819b89 /HACKING | |
parent | 54b2cc50307097e903579a3fb61855c889c78ee9 (diff) | |
download | qemu-d241f143c95861f46f7b75de96a8a3276517a14f.zip qemu-d241f143c95861f46f7b75de96a8a3276517a14f.tar.gz qemu-d241f143c95861f46f7b75de96a8a3276517a14f.tar.bz2 |
HACKING: add string management rules
Add string management rules, somewhat like libvirt HACKING.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Diffstat (limited to 'HACKING')
-rw-r--r-- | HACKING | 24 |
1 files changed, 24 insertions, 0 deletions
@@ -86,3 +86,27 @@ that qemu_malloc() call with zero size is not allowed. Memory allocated by qemu_vmalloc or qemu_memalign must be freed with qemu_vfree, since breaking this will cause problems on Win32 and user emulators. + +4. String manipulation + +Do not use the strncpy function. According to the man page, it does +*not* guarantee a NULL-terminated buffer, which makes it extremely dangerous +to use. Instead, use functionally equivalent function: +void pstrcpy(char *buf, int buf_size, const char *str) + +Don't use strcat because it can't check for buffer overflows, but: +char *pstrcat(char *buf, int buf_size, const char *s) + +The same limitation exists with sprintf and vsprintf, so use snprintf and +vsnprintf. + +QEMU provides other useful string functions: +int strstart(const char *str, const char *val, const char **ptr) +int stristart(const char *str, const char *val, const char **ptr) +int qemu_strnlen(const char *s, int max_len) + +There are also replacement character processing macros for isxyz and toxyz, +so instead of e.g. isalnum you should use qemu_isalnum. + +Because of the memory management rules, you must use qemu_strdup/qemu_strndup +instead of plain strdup/strndup. |