From: "Philippe Mathieu-Daudé" <philmd@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Hanna Reitz" <hreitz@redhat.com>,
"Igor Mammedov" <imammedo@redhat.com>,
"Laurent Vivier" <laurent@vivier.eu>,
"Alexandre Iooss" <erdnaxe@crans.org>,
"Alex Bennée" <alex.bennee@linaro.org>,
"Michael Roth" <michael.roth@amd.com>,
"Zhang Chen" <chen.zhang@intel.com>,
"Shannon Zhao" <shannon.zhaosl@gmail.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Alex Williamson" <alex.williamson@redhat.com>,
"Eduardo Habkost" <ehabkost@redhat.com>,
"Markus Armbruster" <armbru@redhat.com>,
"Eric Blake" <eblake@redhat.com>, "Stefan Weil" <sw@weilnetz.de>,
"John Snow" <jsnow@redhat.com>,
"Mahmoud Mandour" <ma.mandourr@gmail.com>,
"Li Zhijian" <lizhijian@cn.fujitsu.com>,
"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
qemu-block@nongnu.org, "Helge Deller" <deller@gmx.de>,
"Michael S. Tsirkin" <mst@redhat.com>,
"David Gibson" <david@gibson.dropbear.id.au>,
"Peter Xu" <peterx@redhat.com>,
"Gonglei (Arei)" <arei.gonglei@huawei.com>,
"Gerd Hoffmann" <kraxel@redhat.com>, "Fam Zheng" <fam@euphon.net>,
"Jason Wang" <jasowang@redhat.com>,
"Vladimir Sementsov-Ogievskiy" <vsementsov@virtuozzo.com>,
"Christian Schoenebeck" <qemu_oss@crudebyte.com>,
"Kevin Wolf" <kwolf@redhat.com>,
"Yuval Shaia" <yuval.shaia.ml@gmail.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Peter Maydell" <peter.maydell@linaro.org>,
qemu-arm@nongnu.org, "Thomas Huth" <thuth@redhat.com>,
"Laurent Vivier" <lvivier@redhat.com>,
"Greg Kurz" <groug@kaod.org>,
"Philippe Mathieu-Daudé" <philmd@redhat.com>,
qemu-ppc@nongnu.org, "David Hildenbrand" <david@redhat.com>
Subject: [PATCH 23/28] tests/unit: Replace g_memdup() by g_memdup2_qemu()
Date: Fri, 3 Sep 2021 13:06:57 +0200 [thread overview]
Message-ID: <20210903110702.588291-24-philmd@redhat.com> (raw)
In-Reply-To: <20210903110702.588291-1-philmd@redhat.com>
Per https://discourse.gnome.org/t/port-your-module-from-g-memdup-to-g-memdup2-now/5538
The old API took the size of the memory to duplicate as a guint,
whereas most memory functions take memory sizes as a gsize. This
made it easy to accidentally pass a gsize to g_memdup(). For large
values, that would lead to a silent truncation of the size from 64
to 32 bits, and result in a heap area being returned which is
significantly smaller than what the caller expects. This can likely
be exploited in various modules to cause a heap buffer overflow.
Replace g_memdup() by the safer g_memdup2_qemu() wrapper.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
tests/unit/ptimer-test.c | 22 +++++++++++-----------
tests/unit/test-iov.c | 26 +++++++++++++-------------
2 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/tests/unit/ptimer-test.c b/tests/unit/ptimer-test.c
index 9176b96c1ce..23efeb04a57 100644
--- a/tests/unit/ptimer-test.c
+++ b/tests/unit/ptimer-test.c
@@ -798,64 +798,64 @@ static void add_ptimer_tests(uint8_t policy)
g_test_add_data_func_full(
tmp = g_strdup_printf("/ptimer/set_count policy=%s", policy_name),
- g_memdup(&policy, 1), check_set_count, g_free);
+ g_memdup2_qemu(&policy, 1), check_set_count, g_free);
g_free(tmp);
g_test_add_data_func_full(
tmp = g_strdup_printf("/ptimer/set_limit policy=%s", policy_name),
- g_memdup(&policy, 1), check_set_limit, g_free);
+ g_memdup2_qemu(&policy, 1), check_set_limit, g_free);
g_free(tmp);
g_test_add_data_func_full(
tmp = g_strdup_printf("/ptimer/oneshot policy=%s", policy_name),
- g_memdup(&policy, 1), check_oneshot, g_free);
+ g_memdup2_qemu(&policy, 1), check_oneshot, g_free);
g_free(tmp);
g_test_add_data_func_full(
tmp = g_strdup_printf("/ptimer/periodic policy=%s", policy_name),
- g_memdup(&policy, 1), check_periodic, g_free);
+ g_memdup2_qemu(&policy, 1), check_periodic, g_free);
g_free(tmp);
g_test_add_data_func_full(
tmp = g_strdup_printf("/ptimer/on_the_fly_mode_change policy=%s",
policy_name),
- g_memdup(&policy, 1), check_on_the_fly_mode_change, g_free);
+ g_memdup2_qemu(&policy, 1), check_on_the_fly_mode_change, g_free);
g_free(tmp);
g_test_add_data_func_full(
tmp = g_strdup_printf("/ptimer/on_the_fly_period_change policy=%s",
policy_name),
- g_memdup(&policy, 1), check_on_the_fly_period_change, g_free);
+ g_memdup2_qemu(&policy, 1), check_on_the_fly_period_change, g_free);
g_free(tmp);
g_test_add_data_func_full(
tmp = g_strdup_printf("/ptimer/on_the_fly_freq_change policy=%s",
policy_name),
- g_memdup(&policy, 1), check_on_the_fly_freq_change, g_free);
+ g_memdup2_qemu(&policy, 1), check_on_the_fly_freq_change, g_free);
g_free(tmp);
g_test_add_data_func_full(
tmp = g_strdup_printf("/ptimer/run_with_period_0 policy=%s",
policy_name),
- g_memdup(&policy, 1), check_run_with_period_0, g_free);
+ g_memdup2_qemu(&policy, 1), check_run_with_period_0, g_free);
g_free(tmp);
g_test_add_data_func_full(
tmp = g_strdup_printf("/ptimer/run_with_delta_0 policy=%s",
policy_name),
- g_memdup(&policy, 1), check_run_with_delta_0, g_free);
+ g_memdup2_qemu(&policy, 1), check_run_with_delta_0, g_free);
g_free(tmp);
g_test_add_data_func_full(
tmp = g_strdup_printf("/ptimer/periodic_with_load_0 policy=%s",
policy_name),
- g_memdup(&policy, 1), check_periodic_with_load_0, g_free);
+ g_memdup2_qemu(&policy, 1), check_periodic_with_load_0, g_free);
g_free(tmp);
g_test_add_data_func_full(
tmp = g_strdup_printf("/ptimer/oneshot_with_load_0 policy=%s",
policy_name),
- g_memdup(&policy, 1), check_oneshot_with_load_0, g_free);
+ g_memdup2_qemu(&policy, 1), check_oneshot_with_load_0, g_free);
g_free(tmp);
}
diff --git a/tests/unit/test-iov.c b/tests/unit/test-iov.c
index 5371066fb6a..19ae24adb70 100644
--- a/tests/unit/test-iov.c
+++ b/tests/unit/test-iov.c
@@ -173,7 +173,7 @@ static void test_io(void)
}
iov_from_buf(iov, niov, 0, buf, sz);
- siov = g_memdup(iov, sizeof(*iov) * niov);
+ siov = g_memdup2_qemu(iov, sizeof(*iov) * niov);
if (socketpair(PF_UNIX, SOCK_STREAM, 0, sv) < 0) {
perror("socketpair");
@@ -350,7 +350,7 @@ static void test_discard_front_undo(void)
/* Discard zero bytes */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_tmp = iov;
iov_cnt_tmp = iov_cnt;
iov_discard_front_undoable(&iov_tmp, &iov_cnt_tmp, 0, &undo);
@@ -361,7 +361,7 @@ static void test_discard_front_undo(void)
/* Discard more bytes than vector size */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_tmp = iov;
iov_cnt_tmp = iov_cnt;
size = iov_size(iov, iov_cnt);
@@ -373,7 +373,7 @@ static void test_discard_front_undo(void)
/* Discard entire vector */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_tmp = iov;
iov_cnt_tmp = iov_cnt;
size = iov_size(iov, iov_cnt);
@@ -385,7 +385,7 @@ static void test_discard_front_undo(void)
/* Discard within first element */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_tmp = iov;
iov_cnt_tmp = iov_cnt;
size = g_test_rand_int_range(1, iov->iov_len);
@@ -397,7 +397,7 @@ static void test_discard_front_undo(void)
/* Discard entire first element */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_tmp = iov;
iov_cnt_tmp = iov_cnt;
iov_discard_front_undoable(&iov_tmp, &iov_cnt_tmp, iov->iov_len, &undo);
@@ -408,7 +408,7 @@ static void test_discard_front_undo(void)
/* Discard within second element */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_tmp = iov;
iov_cnt_tmp = iov_cnt;
size = iov->iov_len + g_test_rand_int_range(1, iov[1].iov_len);
@@ -499,7 +499,7 @@ static void test_discard_back_undo(void)
/* Discard zero bytes */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_cnt_tmp = iov_cnt;
iov_discard_back_undoable(iov, &iov_cnt_tmp, 0, &undo);
iov_discard_undo(&undo);
@@ -509,7 +509,7 @@ static void test_discard_back_undo(void)
/* Discard more bytes than vector size */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_cnt_tmp = iov_cnt;
size = iov_size(iov, iov_cnt);
iov_discard_back_undoable(iov, &iov_cnt_tmp, size + 1, &undo);
@@ -520,7 +520,7 @@ static void test_discard_back_undo(void)
/* Discard entire vector */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_cnt_tmp = iov_cnt;
size = iov_size(iov, iov_cnt);
iov_discard_back_undoable(iov, &iov_cnt_tmp, size, &undo);
@@ -531,7 +531,7 @@ static void test_discard_back_undo(void)
/* Discard within last element */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_cnt_tmp = iov_cnt;
size = g_test_rand_int_range(1, iov[iov_cnt - 1].iov_len);
iov_discard_back_undoable(iov, &iov_cnt_tmp, size, &undo);
@@ -542,7 +542,7 @@ static void test_discard_back_undo(void)
/* Discard entire last element */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_cnt_tmp = iov_cnt;
size = iov[iov_cnt - 1].iov_len;
iov_discard_back_undoable(iov, &iov_cnt_tmp, size, &undo);
@@ -553,7 +553,7 @@ static void test_discard_back_undo(void)
/* Discard within second-to-last element */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_cnt_tmp = iov_cnt;
size = iov[iov_cnt - 1].iov_len +
g_test_rand_int_range(1, iov[iov_cnt - 2].iov_len);
--
2.31.1
WARNING: multiple messages have this Message-ID (diff)
From: "Philippe Mathieu-Daudé" <philmd@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Fam Zheng" <fam@euphon.net>,
"Peter Maydell" <peter.maydell@linaro.org>,
"Li Zhijian" <lizhijian@cn.fujitsu.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Jason Wang" <jasowang@redhat.com>,
"Christian Schoenebeck" <qemu_oss@crudebyte.com>,
"Yuval Shaia" <yuval.shaia.ml@gmail.com>,
"Peter Xu" <peterx@redhat.com>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Alexandre Iooss" <erdnaxe@crans.org>,
"Eric Blake" <eblake@redhat.com>,
qemu-block@nongnu.org, "Zhang Chen" <chen.zhang@intel.com>,
"Alex Bennée" <alex.bennee@linaro.org>,
"Helge Deller" <deller@gmx.de>,
"David Hildenbrand" <david@redhat.com>,
"Markus Armbruster" <armbru@redhat.com>,
"Gonglei (Arei)" <arei.gonglei@huawei.com>,
"Stefan Weil" <sw@weilnetz.de>,
"Philippe Mathieu-Daudé" <philmd@redhat.com>,
"Laurent Vivier" <lvivier@redhat.com>,
"Thomas Huth" <thuth@redhat.com>,
"Eduardo Habkost" <ehabkost@redhat.com>,
"Michael Roth" <michael.roth@amd.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Greg Kurz" <groug@kaod.org>,
"Alex Williamson" <alex.williamson@redhat.com>,
qemu-arm@nongnu.org, "Paolo Bonzini" <pbonzini@redhat.com>,
"John Snow" <jsnow@redhat.com>,
"David Gibson" <david@gibson.dropbear.id.au>,
"Kevin Wolf" <kwolf@redhat.com>,
"Vladimir Sementsov-Ogievskiy" <vsementsov@virtuozzo.com>,
"Laurent Vivier" <laurent@vivier.eu>,
"Shannon Zhao" <shannon.zhaosl@gmail.com>,
"Hanna Reitz" <hreitz@redhat.com>,
qemu-ppc@nongnu.org, "Igor Mammedov" <imammedo@redhat.com>,
"Mahmoud Mandour" <ma.mandourr@gmail.com>
Subject: [PATCH 23/28] tests/unit: Replace g_memdup() by g_memdup2_qemu()
Date: Fri, 3 Sep 2021 13:06:57 +0200 [thread overview]
Message-ID: <20210903110702.588291-24-philmd@redhat.com> (raw)
In-Reply-To: <20210903110702.588291-1-philmd@redhat.com>
Per https://discourse.gnome.org/t/port-your-module-from-g-memdup-to-g-memdup2-now/5538
The old API took the size of the memory to duplicate as a guint,
whereas most memory functions take memory sizes as a gsize. This
made it easy to accidentally pass a gsize to g_memdup(). For large
values, that would lead to a silent truncation of the size from 64
to 32 bits, and result in a heap area being returned which is
significantly smaller than what the caller expects. This can likely
be exploited in various modules to cause a heap buffer overflow.
Replace g_memdup() by the safer g_memdup2_qemu() wrapper.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
tests/unit/ptimer-test.c | 22 +++++++++++-----------
tests/unit/test-iov.c | 26 +++++++++++++-------------
2 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/tests/unit/ptimer-test.c b/tests/unit/ptimer-test.c
index 9176b96c1ce..23efeb04a57 100644
--- a/tests/unit/ptimer-test.c
+++ b/tests/unit/ptimer-test.c
@@ -798,64 +798,64 @@ static void add_ptimer_tests(uint8_t policy)
g_test_add_data_func_full(
tmp = g_strdup_printf("/ptimer/set_count policy=%s", policy_name),
- g_memdup(&policy, 1), check_set_count, g_free);
+ g_memdup2_qemu(&policy, 1), check_set_count, g_free);
g_free(tmp);
g_test_add_data_func_full(
tmp = g_strdup_printf("/ptimer/set_limit policy=%s", policy_name),
- g_memdup(&policy, 1), check_set_limit, g_free);
+ g_memdup2_qemu(&policy, 1), check_set_limit, g_free);
g_free(tmp);
g_test_add_data_func_full(
tmp = g_strdup_printf("/ptimer/oneshot policy=%s", policy_name),
- g_memdup(&policy, 1), check_oneshot, g_free);
+ g_memdup2_qemu(&policy, 1), check_oneshot, g_free);
g_free(tmp);
g_test_add_data_func_full(
tmp = g_strdup_printf("/ptimer/periodic policy=%s", policy_name),
- g_memdup(&policy, 1), check_periodic, g_free);
+ g_memdup2_qemu(&policy, 1), check_periodic, g_free);
g_free(tmp);
g_test_add_data_func_full(
tmp = g_strdup_printf("/ptimer/on_the_fly_mode_change policy=%s",
policy_name),
- g_memdup(&policy, 1), check_on_the_fly_mode_change, g_free);
+ g_memdup2_qemu(&policy, 1), check_on_the_fly_mode_change, g_free);
g_free(tmp);
g_test_add_data_func_full(
tmp = g_strdup_printf("/ptimer/on_the_fly_period_change policy=%s",
policy_name),
- g_memdup(&policy, 1), check_on_the_fly_period_change, g_free);
+ g_memdup2_qemu(&policy, 1), check_on_the_fly_period_change, g_free);
g_free(tmp);
g_test_add_data_func_full(
tmp = g_strdup_printf("/ptimer/on_the_fly_freq_change policy=%s",
policy_name),
- g_memdup(&policy, 1), check_on_the_fly_freq_change, g_free);
+ g_memdup2_qemu(&policy, 1), check_on_the_fly_freq_change, g_free);
g_free(tmp);
g_test_add_data_func_full(
tmp = g_strdup_printf("/ptimer/run_with_period_0 policy=%s",
policy_name),
- g_memdup(&policy, 1), check_run_with_period_0, g_free);
+ g_memdup2_qemu(&policy, 1), check_run_with_period_0, g_free);
g_free(tmp);
g_test_add_data_func_full(
tmp = g_strdup_printf("/ptimer/run_with_delta_0 policy=%s",
policy_name),
- g_memdup(&policy, 1), check_run_with_delta_0, g_free);
+ g_memdup2_qemu(&policy, 1), check_run_with_delta_0, g_free);
g_free(tmp);
g_test_add_data_func_full(
tmp = g_strdup_printf("/ptimer/periodic_with_load_0 policy=%s",
policy_name),
- g_memdup(&policy, 1), check_periodic_with_load_0, g_free);
+ g_memdup2_qemu(&policy, 1), check_periodic_with_load_0, g_free);
g_free(tmp);
g_test_add_data_func_full(
tmp = g_strdup_printf("/ptimer/oneshot_with_load_0 policy=%s",
policy_name),
- g_memdup(&policy, 1), check_oneshot_with_load_0, g_free);
+ g_memdup2_qemu(&policy, 1), check_oneshot_with_load_0, g_free);
g_free(tmp);
}
diff --git a/tests/unit/test-iov.c b/tests/unit/test-iov.c
index 5371066fb6a..19ae24adb70 100644
--- a/tests/unit/test-iov.c
+++ b/tests/unit/test-iov.c
@@ -173,7 +173,7 @@ static void test_io(void)
}
iov_from_buf(iov, niov, 0, buf, sz);
- siov = g_memdup(iov, sizeof(*iov) * niov);
+ siov = g_memdup2_qemu(iov, sizeof(*iov) * niov);
if (socketpair(PF_UNIX, SOCK_STREAM, 0, sv) < 0) {
perror("socketpair");
@@ -350,7 +350,7 @@ static void test_discard_front_undo(void)
/* Discard zero bytes */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_tmp = iov;
iov_cnt_tmp = iov_cnt;
iov_discard_front_undoable(&iov_tmp, &iov_cnt_tmp, 0, &undo);
@@ -361,7 +361,7 @@ static void test_discard_front_undo(void)
/* Discard more bytes than vector size */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_tmp = iov;
iov_cnt_tmp = iov_cnt;
size = iov_size(iov, iov_cnt);
@@ -373,7 +373,7 @@ static void test_discard_front_undo(void)
/* Discard entire vector */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_tmp = iov;
iov_cnt_tmp = iov_cnt;
size = iov_size(iov, iov_cnt);
@@ -385,7 +385,7 @@ static void test_discard_front_undo(void)
/* Discard within first element */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_tmp = iov;
iov_cnt_tmp = iov_cnt;
size = g_test_rand_int_range(1, iov->iov_len);
@@ -397,7 +397,7 @@ static void test_discard_front_undo(void)
/* Discard entire first element */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_tmp = iov;
iov_cnt_tmp = iov_cnt;
iov_discard_front_undoable(&iov_tmp, &iov_cnt_tmp, iov->iov_len, &undo);
@@ -408,7 +408,7 @@ static void test_discard_front_undo(void)
/* Discard within second element */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_tmp = iov;
iov_cnt_tmp = iov_cnt;
size = iov->iov_len + g_test_rand_int_range(1, iov[1].iov_len);
@@ -499,7 +499,7 @@ static void test_discard_back_undo(void)
/* Discard zero bytes */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_cnt_tmp = iov_cnt;
iov_discard_back_undoable(iov, &iov_cnt_tmp, 0, &undo);
iov_discard_undo(&undo);
@@ -509,7 +509,7 @@ static void test_discard_back_undo(void)
/* Discard more bytes than vector size */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_cnt_tmp = iov_cnt;
size = iov_size(iov, iov_cnt);
iov_discard_back_undoable(iov, &iov_cnt_tmp, size + 1, &undo);
@@ -520,7 +520,7 @@ static void test_discard_back_undo(void)
/* Discard entire vector */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_cnt_tmp = iov_cnt;
size = iov_size(iov, iov_cnt);
iov_discard_back_undoable(iov, &iov_cnt_tmp, size, &undo);
@@ -531,7 +531,7 @@ static void test_discard_back_undo(void)
/* Discard within last element */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_cnt_tmp = iov_cnt;
size = g_test_rand_int_range(1, iov[iov_cnt - 1].iov_len);
iov_discard_back_undoable(iov, &iov_cnt_tmp, size, &undo);
@@ -542,7 +542,7 @@ static void test_discard_back_undo(void)
/* Discard entire last element */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_cnt_tmp = iov_cnt;
size = iov[iov_cnt - 1].iov_len;
iov_discard_back_undoable(iov, &iov_cnt_tmp, size, &undo);
@@ -553,7 +553,7 @@ static void test_discard_back_undo(void)
/* Discard within second-to-last element */
iov_random(&iov, &iov_cnt);
- iov_orig = g_memdup(iov, sizeof(iov[0]) * iov_cnt);
+ iov_orig = g_memdup2_qemu(iov, sizeof(iov[0]) * iov_cnt);
iov_cnt_tmp = iov_cnt;
size = iov[iov_cnt - 1].iov_len +
g_test_rand_int_range(1, iov[iov_cnt - 2].iov_len);
--
2.31.1
next prev parent reply other threads:[~2021-09-03 11:09 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-03 11:06 [PATCH 00/28] glib: Replace g_memdup() by g_memdup2_qemu() Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 01/28] hw/hyperv/vmbus: Remove unused vmbus_load/save_req() Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 02/28] glib-compat: Introduce g_memdup2() wrapper Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:16 ` Daniel P. Berrangé
2021-09-03 11:16 ` Daniel P. Berrangé
2021-09-03 11:51 ` Vladimir Sementsov-Ogievskiy
2021-09-03 11:56 ` Daniel P. Berrangé
2021-09-03 11:56 ` Daniel P. Berrangé
2021-09-03 12:03 ` Vladimir Sementsov-Ogievskiy
2021-09-03 17:09 ` Philippe Mathieu-Daudé
2021-09-03 17:09 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 03/28] qapi: Replace g_memdup() by g_memdup2_qemu() Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:18 ` Daniel P. Berrangé
2021-09-03 11:18 ` Daniel P. Berrangé
2021-09-03 17:10 ` Philippe Mathieu-Daudé
2021-09-03 17:10 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 04/28] accel/tcg: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 05/28] block/qcow2-bitmap: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 06/28] softmmu: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 07/28] hw/9pfs: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 08/28] hw/acpi: Avoid truncating acpi_data_len() to 32-bit Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-08 7:15 ` Igor Mammedov
2021-09-08 7:15 ` Igor Mammedov
2021-09-03 11:06 ` [PATCH 09/28] hw/acpi: Replace g_memdup() by g_memdup2_qemu() Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-08 7:16 ` Igor Mammedov
2021-09-08 7:16 ` Igor Mammedov
2021-09-03 11:06 ` [PATCH 10/28] hw/core/machine: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 11/28] hw/hppa/machine: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 12/28] hw/i386/multiboot: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 13/28] hw/net/eepro100: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 14/28] hw/nvram/fw_cfg: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 15/28] hw/scsi/mptsas: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 16/28] hw/ppc/spapr_pci: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:45 ` David Gibson
2021-09-03 11:45 ` David Gibson
2021-09-03 11:06 ` [PATCH 17/28] hw/rdma: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 18/28] hw/vfio/pci: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [RFC PATCH 19/28] hw/virtio: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 20/28] net/colo: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [RFC PATCH 21/28] ui/clipboard: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [RFC PATCH 22/28] linux-user: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé [this message]
2021-09-03 11:06 ` [PATCH 23/28] tests/unit: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 24/28] tests/qtest: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:06 ` [PATCH 25/28] target/arm: " Philippe Mathieu-Daudé
2021-09-03 11:06 ` Philippe Mathieu-Daudé
2021-09-03 11:07 ` [PATCH 26/28] target/ppc: " Philippe Mathieu-Daudé
2021-09-03 11:07 ` Philippe Mathieu-Daudé
2021-09-03 11:45 ` David Gibson
2021-09-03 11:45 ` David Gibson
2021-09-03 11:07 ` [PATCH 27/28] contrib: " Philippe Mathieu-Daudé
2021-09-03 11:07 ` Philippe Mathieu-Daudé
2021-09-03 11:07 ` [PATCH 28/28] checkpatch: Do not allow deprecated g_memdup() Philippe Mathieu-Daudé
2021-09-03 11:07 ` Philippe Mathieu-Daudé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210903110702.588291-24-philmd@redhat.com \
--to=philmd@redhat.com \
--cc=alex.bennee@linaro.org \
--cc=alex.williamson@redhat.com \
--cc=arei.gonglei@huawei.com \
--cc=armbru@redhat.com \
--cc=chen.zhang@intel.com \
--cc=david@gibson.dropbear.id.au \
--cc=david@redhat.com \
--cc=deller@gmx.de \
--cc=eblake@redhat.com \
--cc=ehabkost@redhat.com \
--cc=erdnaxe@crans.org \
--cc=fam@euphon.net \
--cc=groug@kaod.org \
--cc=hreitz@redhat.com \
--cc=imammedo@redhat.com \
--cc=jasowang@redhat.com \
--cc=jsnow@redhat.com \
--cc=kraxel@redhat.com \
--cc=kwolf@redhat.com \
--cc=laurent@vivier.eu \
--cc=lizhijian@cn.fujitsu.com \
--cc=lvivier@redhat.com \
--cc=ma.mandourr@gmail.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=michael.roth@amd.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=peterx@redhat.com \
--cc=qemu-arm@nongnu.org \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
--cc=qemu_oss@crudebyte.com \
--cc=richard.henderson@linaro.org \
--cc=shannon.zhaosl@gmail.com \
--cc=sw@weilnetz.de \
--cc=thuth@redhat.com \
--cc=vsementsov@virtuozzo.com \
--cc=yuval.shaia.ml@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.