From patchwork Tue Feb 5 20:44:23 2013
X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 218340
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Tue, 5 Feb 2013 20:44:23 +0000
Message-Id: <1360097063-30874-1-git-send-email-peter.maydell@linaro.org>
Cc: Kevin Wolf, Anthony Liguori, patches@linaro.org, Markus Armbruster, Luiz Capitulino, Blue Swirl, Andreas Färber
Subject: [Qemu-devel] [PATCH v2 for-1.4] tests/test-string-input-visitor: Handle errors provoked by fuzz test

It's OK and expected for visitors to return errors when presented with the fuzz test's random data. Since the fuzzer doesn't care about errors, we pass in NULL rather than an Error**. This fixes a bug in the fuzzer where it was passing the same Error** into each visitor, with the effect that once one visitor returned an error, each later visitor would notice that it had been passed in an Error** representing an already set error, and do nothing.

For the case of visit_type_str() we also need to handle the case where an error means that the visitor doesn't set our char*. We initialize the pointer to NULL so we can safely g_free() it regardless of whether the visitor allocated a string for us or not.

This fixes a problem where this test failed the MacOSX malloc() consistency checks and might segfault on other platforms [due to calling free() on an uninitialized pointer variable when visit_type_str() failed.].

Signed-off-by: Peter Maydell Reviewed-by: Andreas Färber --- For 1.4 because it fixes a crash bug in the test. v1->v2 changes: I took Luiz' suggestions for simplifying this code: just pass NULL in as an Error** since we don't care about errors, and NULL-init sres so g_free() works either way. I agree with Luiz that the test leaks visitors, but since it won't leak enough to actually cause a problem, I leave that for a post-1.4 patch, since it's a separate bug to the one we're fixing here. tests/test-string-input-visitor.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/test-string-input-visitor.c b/tests/test-string-input-visitor.c index f6b0093..5989f81 100644 --- a/tests/test-string-input-visitor.c +++ b/tests/test-string-input-visitor.c @@ -174,7 +174,6 @@ static void test_visitor_in_fuzz(TestInputVisitorData *data, double nres; char *sres; EnumOne eres; - Error *errp = NULL; Visitor *v; unsigned int i; char buf[10000]; @@ -193,21 +192,22 @@ static void test_visitor_in_fuzz(TestInputVisitorData *data, } v = visitor_input_test_init(data, buf); - visit_type_int(v, &ires, NULL, &errp); + visit_type_int(v, &ires, NULL, NULL); v = visitor_input_test_init(data, buf); - visit_type_bool(v, &bres, NULL, &errp); + visit_type_bool(v, &bres, NULL, NULL); visitor_input_teardown(data, NULL); v = visitor_input_test_init(data, buf); - visit_type_number(v, &nres, NULL, &errp); + visit_type_number(v, &nres, NULL, NULL); v = visitor_input_test_init(data, buf); - visit_type_str(v, &sres, NULL, &errp); + sres = NULL; + visit_type_str(v, &sres, NULL, NULL); g_free(sres); v = visitor_input_test_init(data, buf); - visit_type_EnumOne(v, &eres, NULL, &errp); + visit_type_EnumOne(v, &eres, NULL, NULL); visitor_input_teardown(data, NULL); } }
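
Review bot: In the first hunk's declaration block at the top of test_visitor_in_fuzz(), `char *sres;` is still left uninitialized, so the safety of the later `g_free(sres)` depends entirely on the separate `sres = NULL;` statement added in the second hunk. Consider declaring sres in the block where it is used, next to the visit_type_str() call, with a one-line comment that the visitor may leave it unset on error, so that a later edit cannot separate the reset from the free.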
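
Review bot: In the second hunk, visitor_input_test_init() is called five times, but only the visit_type_bool() and visit_type_EnumOne() calls are followed by `visitor_input_teardown(data, NULL);`, so the visitors created for the int, number and str cases are not torn down in the lines shown. The cover note defers this leak to a later patch; when it is addressed, a teardown after each visit_type_*() call would pair every init with its cleanup. Separately, with NULL passed as the Error**, ires, bres, nres and eres may be left unset when a visit fails; that is harmless while they are never read, but a short comment saying so would stop someone adding assertions on them later.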