qtest.c: Allow zero size in memset qtest commands

Some tests use the qtest protocol "memset" command with a zero size, expecting it to do nothing. However in the current code this will result in calling memset() with a NULL pointer, which is undefined behaviour. Detect and specially handle zero sizes to avoid this. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com> Message-id: 1470393800-7882-1-git-send-email-peter.maydell@linaro.org
2016-08-05 11:43:20 +01:00 · 2016-08-05 11:43:20 +01:00 · 5f31bbf101
parent 33e60e0198
commit 5f31bbf101
1 changed files with 7 additions and 4 deletions
--- a/qtest.c
+++ b/qtest.c
@ -133,6 +133,7 @@ static bool qtest_opened;
 *  < OK
 *
 * ADDR, SIZE, VALUE are all integers parsed with strtoul() with a base of 0.
+ * For 'memset' a zero size is permitted and does nothing.
 *
 * DATA is an arbitrarily long hex number prefixed with '0x'.  If it's smaller
 * than the expected size, the value will be zero filled at the end of the data
@ -493,10 +494,12 @@ static void qtest_process_command(CharDriverState *chr, gchar **words)
        len = strtoull(words[2], NULL, 0);
        pattern = strtoull(words[3], NULL, 0);

-        data = g_malloc(len);
-        memset(data, pattern, len);
-        cpu_physical_memory_write(addr, data, len);
-        g_free(data);
+        if (len) {
+            data = g_malloc(len);
+            memset(data, pattern, len);
+            cpu_physical_memory_write(addr, data, len);
+            g_free(data);
+        }

        qtest_send_prefix(chr);
        qtest_send(chr, "OK\n");