Commit ac4b0d0c4feb291643c0e8a07a92e449e13881b5
1 parent
dc72ac14
Add qemu_strndup: qemu_strdup with length limit.
Also optimise qemu_strdup by using memcpy - using pstrcpy is usually suboptimal. git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5653 c046a42c-6fe2-441c-8c8c-71466251a162
Showing
3 changed files
with
20 additions
and
5 deletions
hw/bt-hci.c
| ... | ... | @@ -1137,7 +1137,7 @@ static void bt_hci_reset(struct bt_hci_s *hci) |
| 1137 | 1137 | hci->device.inquiry_scan = 0; |
| 1138 | 1138 | hci->device.page_scan = 0; |
| 1139 | 1139 | if (hci->device.lmp_name) |
| 1140 | - free((void *) hci->device.lmp_name); | |
| 1140 | + qemu_free((void *) hci->device.lmp_name); | |
| 1141 | 1141 | hci->device.lmp_name = 0; |
| 1142 | 1142 | hci->device.class[0] = 0x00; |
| 1143 | 1143 | hci->device.class[1] = 0x00; |
| ... | ... | @@ -1815,8 +1815,8 @@ static void bt_submit_hci(struct HCIInfo *info, |
| 1815 | 1815 | LENGTH_CHECK(change_local_name); |
| 1816 | 1816 | |
| 1817 | 1817 | if (hci->device.lmp_name) |
| 1818 | - free((void *) hci->device.lmp_name); | |
| 1819 | - hci->device.lmp_name = strndup(PARAM(change_local_name, name), | |
| 1818 | + qemu_free((void *) hci->device.lmp_name); | |
| 1819 | + hci->device.lmp_name = qemu_strndup(PARAM(change_local_name, name), | |
| 1820 | 1820 | sizeof(PARAM(change_local_name, name))); |
| 1821 | 1821 | bt_hci_event_complete_status(hci, HCI_SUCCESS); |
| 1822 | 1822 | break; |
| ... | ... | @@ -2191,7 +2191,7 @@ static void bt_hci_done(struct HCIInfo *info) |
| 2191 | 2191 | bt_device_done(&hci->device); |
| 2192 | 2192 | |
| 2193 | 2193 | if (hci->device.lmp_name) |
| 2194 | - free((void *) hci->device.lmp_name); | |
| 2194 | + qemu_free((void *) hci->device.lmp_name); | |
| 2195 | 2195 | |
| 2196 | 2196 | /* Be gentle and send DISCONNECT to all connected peers and those |
| 2197 | 2197 | * currently waiting for us to accept or reject a connection request. | ... | ... |
qemu-common.h
| ... | ... | @@ -98,6 +98,7 @@ void *qemu_realloc(void *ptr, size_t size); |
| 98 | 98 | void *qemu_mallocz(size_t size); |
| 99 | 99 | void qemu_free(void *ptr); |
| 100 | 100 | char *qemu_strdup(const char *str); |
| 101 | +char *qemu_strndup(const char *str, size_t size); | |
| 101 | 102 | |
| 102 | 103 | void *get_mmap_addr(unsigned long size); |
| 103 | 104 | ... | ... |
qemu-malloc.c
| ... | ... | @@ -60,6 +60,20 @@ char *qemu_strdup(const char *str) |
| 60 | 60 | ptr = qemu_malloc(len + 1); |
| 61 | 61 | if (!ptr) |
| 62 | 62 | return NULL; |
| 63 | - pstrcpy(ptr, len + 1, str); | |
| 63 | + memcpy(ptr, str, len + 1); | |
| 64 | 64 | return ptr; |
| 65 | 65 | } |
| 66 | + | |
| 67 | +char *qemu_strndup(const char *str, size_t size) | |
| 68 | +{ | |
| 69 | + const char *end = memchr(str, 0, size); | |
| 70 | + char *new; | |
| 71 | + | |
| 72 | + if (end) | |
| 73 | + size = end - str; | |
| 74 | + | |
| 75 | + new = qemu_malloc(size + 1); | |
| 76 | + new[size] = 0; | |
| 77 | + | |
| 78 | + return memcpy(new, str, size); | |
| 79 | +} | ... | ... |