It's OK and expected for visitors to return errors when presented with the fuzz test's random data. This means the test harness needs to handle them; check for and free any error after each visitor call, and only free the string returned by visit_type_str if visit_type_str succeeded.
This fixes a problem where this test failed the MacOSX malloc() consistency checks and might segfault on other platforms [due to calling free() on an uninitialized pointer variable].
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
---
tests/test-string-input-visitor.c | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/tests/test-string-input-visitor.c b/tests/test-string-input-visitor.c
index f6b0093..793b334 100644
--- a/tests/test-string-input-visitor.c
+++ b/tests/test-string-input-visitor.c
@@ -194,20 +194,41 @@ static void test_visitor_in_fuzz(TestInputVisitorData *data,
 v = visitor_input_test_init(data, buf);
 visit_type_int(v, &ires, NULL, &errp);
+ if (error_is_set(&errp)) {
+ error_free(errp);
+ errp = NULL;
+ }
 v = visitor_input_test_init(data, buf);
 visit_type_bool(v, &bres, NULL, &errp);
+ if (error_is_set(&errp)) {
+ error_free(errp);
+ errp = NULL;
+ }
 visitor_input_teardown(data, NULL);
 v = visitor_input_test_init(data, buf);
 visit_type_number(v, &nres, NULL, &errp);
+ if (error_is_set(&errp)) {
+ error_free(errp);
+ errp = NULL;
+ }
 v = visitor_input_test_init(data, buf);
 visit_type_str(v, &sres, NULL, &errp);
- g_free(sres);
+ if (error_is_set(&errp)) {
+ error_free(errp);
+ errp = NULL;
+ } else {
+ g_free(sres);
+ }
 v = visitor_input_test_init(data, buf);
 visit_type_EnumOne(v, &eres, NULL, &errp);
+ if (error_is_set(&errp)) {
+ error_free(errp);
+ errp = NULL;
+ }
 visitor_input_teardown(data, NULL);
 }
 }
--
1.7.11.4
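Review bot: The `else { g_free(sres); }` branch after `visit_type_str` still depends on the visitor's error contract. If the visitor ever allocates the string and then reports an error, the buffer is leaked, and `sres` keeps whatever value it held before the call. Assigning `sres = NULL;` immediately before `visit_type_str(v, &sres, NULL, &errp);` and leaving `g_free(sres);` unconditional after the error check would make the free safe on both paths, since g_free() accepts NULL. The declarations of `sres` and `errp` are outside the hunk, so whether they are initialised at function entry cannot be confirmed from here. Separately, the same four-line check is repeated five times and could move into a small static helper such as `static void discard_error(Error **errp)`, so a later visitor call cannot miss the `errp = NULL` reset.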