From patchwork Fri Aug 5 10:43:20 2016
X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 73351
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: patches@linaro.org, John Snow, Eric Blake, Markus Armbruster
Subject: [PATCH for-2.7] qtest.c: Allow zero size in memset qtest commands
Date: Fri, 5 Aug 2016 11:43:20 +0100
Message-Id: <1470393800-7882-1-git-send-email-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.7.4

Some tests use the qtest protocol "memset" command with a zero size, expecting it to do nothing. However in the current code this will result in calling memset() with a NULL pointer, which is undefined behaviour. Detect and specially handle zero sizes to avoid this.
Signed-off-by: Peter Maydell --- Looking at the code for the other commands that take a size ('read', 'write', 'b64read' and 'b64write' they all assume a non-zero size. I've left those alone though, somebody else can make them do nothing on zero size if they feel it's important.) qtest.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) -- 2.7.4 diff --git a/qtest.c b/qtest.c index da4826c..ce4c6db 100644 --- a/qtest.c +++ b/qtest.c @@ -133,6 +133,7 @@ static bool qtest_opened; * < OK * * ADDR, SIZE, VALUE are all integers parsed with strtoul() with a base of 0. + * For 'memset' a zero size is permitted and does nothing. * * DATA is an arbitrarily long hex number prefixed with '0x'. If it's smaller * than the expected size, the value will be zero filled at the end of the data @@ -493,10 +494,12 @@ static void qtest_process_command(CharDriverState *chr, gchar **words) len = strtoull(words[2], NULL, 0); pattern = strtoull(words[3], NULL, 0); - data = g_malloc(len); - memset(data, pattern, len); - cpu_physical_memory_write(addr, data, len); - g_free(data); + if (len) { + data = g_malloc(len); + memset(data, pattern, len); + cpu_physical_memory_write(addr, data, len); + g_free(data); + } qtest_send_prefix(chr); qtest_send(chr, "OK\n");
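Review bot: in the first hunk (the protocol comment at @@ -133,6 +133,7 @@), the new line "For 'memset' a zero size is permitted and does nothing." sits directly under the sentence describing ADDR, SIZE, VALUE for all of the commands, which leaves a reader to infer that 'read', 'write', 'b64read' and 'b64write' also accept a zero size. The cover note says those still assume a non-zero size, so it would be clearer to state that in the same comment, e.g. "The other commands that take SIZE require it to be non-zero."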
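Review bot: in the second hunk (@@ -493,10 +494,12 @@), wrapping the allocate/memset/write/free sequence in `if (len)` is the right fix, since g_malloc(0) returns NULL and memset(NULL, pattern, 0) is the undefined behaviour the commit message describes, and the unconditional qtest_send(chr, "OK\n") that follows keeps the reply the tests expect. Two things in the surrounding context worth a follow-up rather than a blocker: `len = strtoull(words[2], NULL, 0)` is never range-checked, so an oversized SIZE still reaches g_malloc(len), which aborts on failure instead of returning an error to the client; and `pattern = strtoull(words[3], NULL, 0)` is passed to memset(), which silently truncates it to one byte, so a VALUE above 0xff is accepted without complaint.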