Commit 5f31bbf1 authored by Peter Maydell

qtest.c: Allow zero size in memset qtest commands



Some tests use the qtest protocol "memset" command with a zero
size, expecting it to do nothing. However in the current code this
will result in calling memset() with a NULL pointer, which is
undefined behaviour. Detect and specially handle zero sizes to
avoid this.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1470393800-7882-1-git-send-email-peter.maydell@linaro.org
parent 33e60e01
+7 −4
@@ -133,6 +133,7 @@ static bool qtest_opened;
 *  < OK
 *
 * ADDR, SIZE, VALUE are all integers parsed with strtoul() with a base of 0.
 * For 'memset' a zero size is permitted and does nothing.
 *
 * DATA is an arbitrarily long hex number prefixed with '0x'.  If it's smaller
 * than the expected size, the value will be zero filled at the end of the data
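Review bot: the added sentence documents the zero-size case for 'memset' only, while the surrounding paragraph describes SIZE for every command that takes one; stating explicitly whether a zero SIZE is accepted (and what it does) for the other commands, or that it is only special-cased for 'memset', would keep the protocol comment unambiguous. While editing this comment, note that it says the integers are "parsed with strtoul() with a base of 0", but qtest_process_command() in the next hunk calls `strtoull(words[2], NULL, 0)`; suggest changing the comment to "strtoull()" so the documented width matches the parser actually used.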
@@ -493,10 +494,12 @@ static void qtest_process_command(CharDriverState *chr, gchar **words)
        len = strtoull(words[2], NULL, 0);
        pattern = strtoull(words[3], NULL, 0);

        if (len) {
            data = g_malloc(len);
            memset(data, pattern, len);
            cpu_physical_memory_write(addr, data, len);
            g_free(data);
        }

        qtest_send_prefix(chr);
        qtest_send(chr, "OK\n");
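Review bot: the `if (len)` guard removes the memset(NULL, ...) case, but `len` still comes straight from `strtoull(words[2], NULL, 0)` with no endptr check and no upper bound, so a malformed or very large SIZE goes directly into `g_malloc(len)`, which aborts the whole process on allocation failure rather than returning NULL. Consider rejecting values that do not parse cleanly and capping `len` (or using g_try_malloc() and sending an error reply) before the allocation; alternatively, fill a fixed-size buffer once and issue cpu_physical_memory_write() in a loop so the full SIZE is never allocated at once. A minor point for the same hunk: `pattern` is parsed as an unsigned long long but `memset(data, pattern, len)` only uses its low byte, so the doc comment for VALUE could say the value is truncated to a single byte.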