summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--hw/bt-hci.c8
-rw-r--r--qemu-common.h1
-rw-r--r--qemu-malloc.c16
3 files changed, 20 insertions, 5 deletions
diff --git a/hw/bt-hci.c b/hw/bt-hci.c
index 71c12b85f6..96a5b115a0 100644
--- a/hw/bt-hci.c
+++ b/hw/bt-hci.c
@@ -1137,7 +1137,7 @@ static void bt_hci_reset(struct bt_hci_s *hci)
hci->device.inquiry_scan = 0;
hci->device.page_scan = 0;
if (hci->device.lmp_name)
- free((void *) hci->device.lmp_name);
+ qemu_free((void *) hci->device.lmp_name);
hci->device.lmp_name = 0;
hci->device.class[0] = 0x00;
hci->device.class[1] = 0x00;
@@ -1815,8 +1815,8 @@ static void bt_submit_hci(struct HCIInfo *info,
LENGTH_CHECK(change_local_name);
if (hci->device.lmp_name)
- free((void *) hci->device.lmp_name);
- hci->device.lmp_name = strndup(PARAM(change_local_name, name),
+ qemu_free((void *) hci->device.lmp_name);
+ hci->device.lmp_name = qemu_strndup(PARAM(change_local_name, name),
sizeof(PARAM(change_local_name, name)));
bt_hci_event_complete_status(hci, HCI_SUCCESS);
break;
@@ -2191,7 +2191,7 @@ static void bt_hci_done(struct HCIInfo *info)
bt_device_done(&hci->device);
if (hci->device.lmp_name)
- free((void *) hci->device.lmp_name);
+ qemu_free((void *) hci->device.lmp_name);
/* Be gentle and send DISCONNECT to all connected peers and those
* currently waiting for us to accept or reject a connection request.
diff --git a/qemu-common.h b/qemu-common.h
index 2b7f7e1a10..f5480dd7ac 100644
--- a/qemu-common.h
+++ b/qemu-common.h
@@ -98,6 +98,7 @@ void *qemu_realloc(void *ptr, size_t size);
void *qemu_mallocz(size_t size);
void qemu_free(void *ptr);
char *qemu_strdup(const char *str);
+char *qemu_strndup(const char *str, size_t size);
void *get_mmap_addr(unsigned long size);
diff --git a/qemu-malloc.c b/qemu-malloc.c
index 3bffae1fbb..dc74efed17 100644
--- a/qemu-malloc.c
+++ b/qemu-malloc.c
@@ -60,6 +60,20 @@ char *qemu_strdup(const char *str)
ptr = qemu_malloc(len + 1);
if (!ptr)
return NULL;
- pstrcpy(ptr, len + 1, str);
+ memcpy(ptr, str, len + 1);
return ptr;
}
+
+char *qemu_strndup(const char *str, size_t size)
+{
+ const char *end = memchr(str, 0, size);
+ char *new;
+
+ if (end)
+ size = end - str;
+
+ new = qemu_malloc(size + 1);
+ new[size] = 0;
+
+ return memcpy(new, str, size);
+}