aboutsummaryrefslogtreecommitdiff
path: root/qtest.c
diff options
context:
space:
mode:
authorPeter Maydell <peter.maydell@linaro.org>2016-08-05 11:43:20 +0100
committerPeter Maydell <peter.maydell@linaro.org>2016-09-09 11:16:18 +0100
commit5f31bbf1015abd3fc27c7f87b8db65aba2c8164d (patch)
tree4a43a0168a357d720cd0b0e84098e66dc1fdb4b2 /qtest.c
parent33e60e01988b02ac9baf4dc0f4a452b39fb5ce55 (diff)
downloadqemu-5f31bbf1015abd3fc27c7f87b8db65aba2c8164d.zip
qemu-5f31bbf1015abd3fc27c7f87b8db65aba2c8164d.tar.gz
qemu-5f31bbf1015abd3fc27c7f87b8db65aba2c8164d.tar.bz2
qtest.c: Allow zero size in memset qtest commands
Some tests use the qtest protocol "memset" command with a zero size, expecting it to do nothing. However in the current code this will result in calling memset() with a NULL pointer, which is undefined behaviour. Detect and specially handle zero sizes to avoid this. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com> Message-id: 1470393800-7882-1-git-send-email-peter.maydell@linaro.org
Diffstat (limited to 'qtest.c')
-rw-r--r--qtest.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/qtest.c b/qtest.c
index da4826c..ce4c6db 100644
--- a/qtest.c
+++ b/qtest.c
@@ -133,6 +133,7 @@ static bool qtest_opened;
* < OK
*
* ADDR, SIZE, VALUE are all integers parsed with strtoul() with a base of 0.
+ * For 'memset' a zero size is permitted and does nothing.
*
* DATA is an arbitrarily long hex number prefixed with '0x'. If it's smaller
* than the expected size, the value will be zero filled at the end of the data
@@ -493,10 +494,12 @@ static void qtest_process_command(CharDriverState *chr, gchar **words)
len = strtoull(words[2], NULL, 0);
pattern = strtoull(words[3], NULL, 0);
- data = g_malloc(len);
- memset(data, pattern, len);
- cpu_physical_memory_write(addr, data, len);
- g_free(data);
+ if (len) {
+ data = g_malloc(len);
+ memset(data, pattern, len);
+ cpu_physical_memory_write(addr, data, len);
+ g_free(data);
+ }
qtest_send_prefix(chr);
qtest_send(chr, "OK\n");