From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: patches@linaro.org, Blue Swirl, Kevin Wolf, Markus Armbruster, Andreas Färber, Luiz Capitulino, Anthony Liguori
Subject: [PATCH v2 for-1.4] tests/test-string-input-visitor: Handle errors provoked by fuzz test
Date: Tue, 5 Feb 2013 20:44:23 +0000
Message-Id: <1360097063-30874-1-git-send-email-peter.maydell@linaro.org>

It's OK and expected for visitors to return errors when presented with the fuzz test's random data. Since the fuzzer doesn't care about errors, we pass in NULL rather than an Error**. This fixes a bug in the fuzzer where it was passing the same Error** into each visitor, with the effect that once one visitor returned an error, each later visitor would notice that it had been passed in an Error** representing an already set error, and do nothing.

For the case of visit_type_str() we also need to handle the case where an error means that the visitor doesn't set our char*. We initialize the pointer to NULL so we can safely g_free() it regardless of whether the visitor allocated a string for us or not.

This fixes a problem where this test failed the MacOSX malloc() consistency checks and might segfault on other platforms [due to calling free() on an uninitialized pointer variable when visit_type_str() failed.].

Signed-off-by: Peter Maydell Reviewed-by: Andreas Färber --- For 1.4 because it fixes a crash bug in the test. v1->v2 changes: I took Luiz' suggestions for simplifying this code: just pass NULL in as an Error** since we don't care about errors, and NULL-init sres so g_free() works either way. I agree with Luiz that the test leaks visitors, but since it won't leak enough to actually cause a problem, I leave that for a post-1.4 patch, since it's a separate bug to the one we're fixing here. tests/test-string-input-visitor.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/test-string-input-visitor.c b/tests/test-string-input-visitor.c index f6b0093..5989f81 100644 --- a/tests/test-string-input-visitor.c +++ b/tests/test-string-input-visitor.c @@ -174,7 +174,6 @@ static void test_visitor_in_fuzz(TestInputVisitorData *data, double nres; char *sres; EnumOne eres; - Error *errp = NULL; Visitor *v; unsigned int i; char buf[10000]; @@ -193,21 +192,22 @@ static void test_visitor_in_fuzz(TestInputVisitorData *data, } v = visitor_input_test_init(data, buf); - visit_type_int(v, &ires, NULL, &errp); + visit_type_int(v, &ires, NULL, NULL); v = visitor_input_test_init(data, buf); - visit_type_bool(v, &bres, NULL, &errp); + visit_type_bool(v, &bres, NULL, NULL); visitor_input_teardown(data, NULL); v = visitor_input_test_init(data, buf); - visit_type_number(v, &nres, NULL, &errp); + visit_type_number(v, &nres, NULL, NULL); v = visitor_input_test_init(data, buf); - visit_type_str(v, &sres, NULL, &errp); + sres = NULL; + visit_type_str(v, &sres, NULL, NULL); g_free(sres); v = visitor_input_test_init(data, buf); - visit_type_EnumOne(v, &eres, NULL, &errp); + visit_type_EnumOne(v, &eres, NULL, NULL); visitor_input_teardown(data, NULL); } }
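
Review bot: In the second hunk, visitor_input_teardown(data, NULL) still follows only the visit_type_bool() and visit_type_EnumOne() calls, so `v` is reassigned by visitor_input_test_init() for the int, number and str cases with no teardown call in between. The notes defer this leak to a post-1.4 patch; a TODO comment at the first of those calls would keep it from being lost. Separately, `sres = NULL;` deserves a one-line comment saying that visit_type_str() may fail without setting the pointer: if this block runs more than once, as the counter `i` and the nested closing braces suggest, the assignment has to stay next to the call rather than move to the declaration, because g_free(sres) leaves the old value in place for the next pass. With NULL now passed for the Error** everywhere, ires, bres, nres and eres can likewise be left unset after a failed visit, which is safe only as long as nothing later in the function reads them.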