diff options
author | Peter Maydell <peter.maydell@linaro.org> | 2016-08-05 11:43:20 +0100 |
---|---|---|
committer | Peter Maydell <peter.maydell@linaro.org> | 2016-09-09 11:16:18 +0100 |
commit | 5f31bbf1015abd3fc27c7f87b8db65aba2c8164d (patch) | |
tree | 4a43a0168a357d720cd0b0e84098e66dc1fdb4b2 /qtest.c | |
parent | 33e60e01988b02ac9baf4dc0f4a452b39fb5ce55 (diff) | |
download | qemu-5f31bbf1015abd3fc27c7f87b8db65aba2c8164d.zip qemu-5f31bbf1015abd3fc27c7f87b8db65aba2c8164d.tar.gz qemu-5f31bbf1015abd3fc27c7f87b8db65aba2c8164d.tar.bz2 |
qtest.c: Allow zero size in memset qtest commands
Some tests use the qtest protocol "memset" command with a zero
size, expecting it to do nothing. However in the current code this
will result in calling memset() with a NULL pointer, which is
undefined behaviour. Detect and specially handle zero sizes to
avoid this.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1470393800-7882-1-git-send-email-peter.maydell@linaro.org
Diffstat (limited to 'qtest.c')
-rw-r--r-- | qtest.c | 11 |
1 files changed, 7 insertions, 4 deletions
@@ -133,6 +133,7 @@ static bool qtest_opened; * < OK * * ADDR, SIZE, VALUE are all integers parsed with strtoul() with a base of 0. + * For 'memset' a zero size is permitted and does nothing. * * DATA is an arbitrarily long hex number prefixed with '0x'. If it's smaller * than the expected size, the value will be zero filled at the end of the data @@ -493,10 +494,12 @@ static void qtest_process_command(CharDriverState *chr, gchar **words) len = strtoull(words[2], NULL, 0); pattern = strtoull(words[3], NULL, 0); - data = g_malloc(len); - memset(data, pattern, len); - cpu_physical_memory_write(addr, data, len); - g_free(data); + if (len) { + data = g_malloc(len); + memset(data, pattern, len); + cpu_physical_memory_write(addr, data, len); + g_free(data); + } qtest_send_prefix(chr); qtest_send(chr, "OK\n"); |