Commit ac4b0d0c4feb291643c0e8a07a92e449e13881b5
1 parent
dc72ac14
Add qemu_strndup: qemu_strdup with length limit.
Also optimise qemu_strdup by using memcpy - using pstrcpy is usually suboptimal. git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5653 c046a42c-6fe2-441c-8c8c-71466251a162
Showing
3 changed files
with
20 additions
and
5 deletions
hw/bt-hci.c
| @@ -1137,7 +1137,7 @@ static void bt_hci_reset(struct bt_hci_s *hci) | @@ -1137,7 +1137,7 @@ static void bt_hci_reset(struct bt_hci_s *hci) | ||
| 1137 | hci->device.inquiry_scan = 0; | 1137 | hci->device.inquiry_scan = 0; |
| 1138 | hci->device.page_scan = 0; | 1138 | hci->device.page_scan = 0; |
| 1139 | if (hci->device.lmp_name) | 1139 | if (hci->device.lmp_name) |
| 1140 | - free((void *) hci->device.lmp_name); | 1140 | + qemu_free((void *) hci->device.lmp_name); |
| 1141 | hci->device.lmp_name = 0; | 1141 | hci->device.lmp_name = 0; |
| 1142 | hci->device.class[0] = 0x00; | 1142 | hci->device.class[0] = 0x00; |
| 1143 | hci->device.class[1] = 0x00; | 1143 | hci->device.class[1] = 0x00; |
| @@ -1815,8 +1815,8 @@ static void bt_submit_hci(struct HCIInfo *info, | @@ -1815,8 +1815,8 @@ static void bt_submit_hci(struct HCIInfo *info, | ||
| 1815 | LENGTH_CHECK(change_local_name); | 1815 | LENGTH_CHECK(change_local_name); |
| 1816 | 1816 | ||
| 1817 | if (hci->device.lmp_name) | 1817 | if (hci->device.lmp_name) |
| 1818 | - free((void *) hci->device.lmp_name); | ||
| 1819 | - hci->device.lmp_name = strndup(PARAM(change_local_name, name), | 1818 | + qemu_free((void *) hci->device.lmp_name); |
| 1819 | + hci->device.lmp_name = qemu_strndup(PARAM(change_local_name, name), | ||
| 1820 | sizeof(PARAM(change_local_name, name))); | 1820 | sizeof(PARAM(change_local_name, name))); |
| 1821 | bt_hci_event_complete_status(hci, HCI_SUCCESS); | 1821 | bt_hci_event_complete_status(hci, HCI_SUCCESS); |
| 1822 | break; | 1822 | break; |
| @@ -2191,7 +2191,7 @@ static void bt_hci_done(struct HCIInfo *info) | @@ -2191,7 +2191,7 @@ static void bt_hci_done(struct HCIInfo *info) | ||
| 2191 | bt_device_done(&hci->device); | 2191 | bt_device_done(&hci->device); |
| 2192 | 2192 | ||
| 2193 | if (hci->device.lmp_name) | 2193 | if (hci->device.lmp_name) |
| 2194 | - free((void *) hci->device.lmp_name); | 2194 | + qemu_free((void *) hci->device.lmp_name); |
| 2195 | 2195 | ||
| 2196 | /* Be gentle and send DISCONNECT to all connected peers and those | 2196 | /* Be gentle and send DISCONNECT to all connected peers and those |
| 2197 | * currently waiting for us to accept or reject a connection request. | 2197 | * currently waiting for us to accept or reject a connection request. |
qemu-common.h
| @@ -98,6 +98,7 @@ void *qemu_realloc(void *ptr, size_t size); | @@ -98,6 +98,7 @@ void *qemu_realloc(void *ptr, size_t size); | ||
| 98 | void *qemu_mallocz(size_t size); | 98 | void *qemu_mallocz(size_t size); |
| 99 | void qemu_free(void *ptr); | 99 | void qemu_free(void *ptr); |
| 100 | char *qemu_strdup(const char *str); | 100 | char *qemu_strdup(const char *str); |
| 101 | +char *qemu_strndup(const char *str, size_t size); | ||
| 101 | 102 | ||
| 102 | void *get_mmap_addr(unsigned long size); | 103 | void *get_mmap_addr(unsigned long size); |
| 103 | 104 |
qemu-malloc.c
| @@ -60,6 +60,20 @@ char *qemu_strdup(const char *str) | @@ -60,6 +60,20 @@ char *qemu_strdup(const char *str) | ||
| 60 | ptr = qemu_malloc(len + 1); | 60 | ptr = qemu_malloc(len + 1); |
| 61 | if (!ptr) | 61 | if (!ptr) |
| 62 | return NULL; | 62 | return NULL; |
| 63 | - pstrcpy(ptr, len + 1, str); | 63 | + memcpy(ptr, str, len + 1); |
| 64 | return ptr; | 64 | return ptr; |
| 65 | } | 65 | } |
| 66 | + | ||
| 67 | +char *qemu_strndup(const char *str, size_t size) | ||
| 68 | +{ | ||
| 69 | + const char *end = memchr(str, 0, size); | ||
| 70 | + char *new; | ||
| 71 | + | ||
| 72 | + if (end) | ||
| 73 | + size = end - str; | ||
| 74 | + | ||
| 75 | + new = qemu_malloc(size + 1); | ||
| 76 | + new[size] = 0; | ||
| 77 | + | ||
| 78 | + return memcpy(new, str, size); | ||
| 79 | +} |