This patch documents the preference for g_new instead of g_malloc. The reasons were adapted from commit b45c03f585ea9bb1af76c73e82195418c294919d.
Discussion in QEMU's mailing list: http://lists.nongnu.org/archive/html/qemu-devel/2018-05/msg03238.html Cc: qemu-devel@nongnu.org Cc: David Hildenbrand <da...@redhat.com> Cc: Eduardo Habkost <ehabk...@redhat.com> Cc: Markus Armbruster <arm...@redhat.com> Cc: Paolo Bonzini <pbonz...@redhat.com> Signed-off-by: Murilo Opsfelder Araujo <muri...@linux.ibm.com> --- HACKING | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/HACKING b/HACKING index 4125c97d8d..0fc3e0fc04 100644 --- a/HACKING +++ b/HACKING @@ -118,6 +118,15 @@ Please note that g_malloc will exit on allocation failure, so there is no need to test for failure (as you would have to with malloc). Calling g_malloc with a zero size is valid and will return NULL. +Prefer g_new(T, n) instead of g_malloc(sizeof(T) * n) for the following +reasons: + + a. It catches multiplication overflowing size_t; + b. It returns T * instead of void *, letting compiler catch more type + errors. + +Declarations like T *v = g_malloc(sizeof(*v)) are acceptable, though. + Memory allocated by qemu_memalign or qemu_blockalign must be freed with qemu_vfree, since breaking this will cause problems on Win32. -- 2.14.3
