> So the only correct way would be to write: > > array = malloc(size); > if (array == NULL && size != 0) { > return -ENOMEM; > } >
Of course we can differentiate. A failed malloc will abort, a successful one will not. > If you were writing portable code. But that's not what people write. You > can argue that qemu_malloc() can have any semantics we want and while that's > true, it doesn't change my above statement. I think the main argument for > this behavior in qemu is that people are used to using this idiom with > malloc() but it's a non-portable practice. > > If qemu_malloc() didn't carry the name "malloc()" then semantics with size=0 > would be a different discussion. But so far, all qemu_* functions tend to > behave almost exactly like their C counterparts. Relying on the result of > size=0 with malloc() is broken. We can change qemu_malloc to qemu_alloc_memory(), or whatever. But from the moment we do things like abort on failing, we are already deviating from its C counterpart. -- Glauber Costa. "Free as in Freedom" http://glommer.net "The less confident you are, the more serious you have to act."