Message-ID: <510D8712.7090005@suse.de>
Date: Sat, 02 Feb 2013 22:37:22 +0100
From: Andreas Färber
In-Reply-To: <1359839979-26852-1-git-send-email-peter.maydell@linaro.org>
Subject: Re: [Qemu-devel] [PATCH for-1.4] tests/test-string-input-visitor: Handle errors provoked by fuzz test
To: Peter Maydell
Cc: Blue Swirl, Kevin Wolf, qemu-devel@nongnu.org, patches@linaro.org

Am 02.02.2013 22:19, schrieb Peter Maydell:
> It's OK and expected for visitors to return errors when presented with
> the fuzz test's random data. This means the test harness needs to
> handle them; check for and free any error after each visitor call,
> and only free the string returned by visit_type_str if visit_type_str
> succeeded.
> 
> This fixes a problem where this test failed the MacOSX malloc()
> consistency checks and might segfault on other platforms [due
> to calling free() on an uninitialized pointer variable].
> 
> Signed-off-by: Peter Maydell
> ---
> tests/test-string-input-visitor.c | 23 ++++++++++++++++++++++-
> 1 file changed, 22 insertions(+), 1 deletion(-)
> 
> diff --git a/tests/test-string-input-visitor.c b/tests/test-string-input-visitor.c
> index f6b0093..793b334 100644
> --- a/tests/test-string-input-visitor.c
> +++ b/tests/test-string-input-visitor.c
> @@ -194,20 +194,41 @@ static void test_visitor_in_fuzz(TestInputVisitorData *data,
>  
>          v = visitor_input_test_init(data, buf);
>          visit_type_int(v, &ires, NULL, &errp);
> +        if (error_is_set(&errp)) {
> +            error_free(errp);
> +            errp = NULL;
> +        }

It seems to me the naming is bad here: errp appears to be an Error*, not an Error**. It would be nice to fix this within the function touched.

Since it is an Error*, I think it was said that we should not use error_is_set() but err != NULL (or if you prefer, just err). error_is_set() is intended for **errp arguments that may be NULL.

Your analysis and the freeing and NULL'ing as solution look correct.

Andreas

>  
>          v = visitor_input_test_init(data, buf);
>          visit_type_bool(v, &bres, NULL, &errp);
> +        if (error_is_set(&errp)) {
> +            error_free(errp);
> +            errp = NULL;
> +        }
>          visitor_input_teardown(data, NULL);
>  
>          v = visitor_input_test_init(data, buf);
>          visit_type_number(v, &nres, NULL, &errp);
> +        if (error_is_set(&errp)) {
> +            error_free(errp);
> +            errp = NULL;
> +        }
>  
>          v = visitor_input_test_init(data, buf);
>          visit_type_str(v, &sres, NULL, &errp);
> -        g_free(sres);
> +        if (error_is_set(&errp)) {
> +            error_free(errp);
> +            errp = NULL;
> +        } else {
> +            g_free(sres);
> +        }
>  
>          v = visitor_input_test_init(data, buf);
>          visit_type_EnumOne(v, &eres, NULL, &errp);
> +        if (error_is_set(&errp)) {
> +            error_free(errp);
> +            errp = NULL;
> +        }
>          visitor_input_teardown(data, NULL);
>      }
> }
> 

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
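Review bot: the three-line block `if (error_is_set(&errp)) { error_free(errp); errp = NULL; }` is repeated verbatim five times in this hunk, once after each visit_type_* call; a small static helper in the test file that frees and clears the error would keep every call site to one line and make the visit_type_str case stand out as the one that genuinely differs, since `g_free(sres)` may only run on success because sres is never assigned on the error path (the uninitialized-pointer free the commit message describes). With the helper, the str case would read as the helper call followed by an `else { g_free(sres); }`, which is easier to audit than five near-identical blocks.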