Do not abort on qemu_malloc(0) in production builds

qemu_malloc() does not allow size=0 to be passed in and aborts on this behavior.

Unfortunately, there is good reason to believe that within qemu, there are a
number of, so far, undetected places that assume size=0 can be safely passed.
Since we do not want to abort unnecessarily in production builds, return
qemu_malloc(1) whenever the version file indicates that this is a production
build.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 20ff6c8066eb5346b9e066851cf8a1e0564a0f1a)

diff --git a/configure b/configure
index a29839e6e3cab2e088e634c3f658601522abd1a7..273b6b7c65ca2860bbae0e6ce05b805134bc8345 100755 (executable)
--- a/configure
+++ b/configure
@@ -256,6 +256,7 @@ blobs="yes"
 pkgversion=""
 check_utests="no"
 user_pie="no"
+zero_malloc=""
 
 # OS specific
 if check_define __linux__ ; then
@@ -1792,8 +1793,9 @@ fi
 
 # Consult white-list to determine whether to enable werror
 # by default.  Only enable by default for git builds
+z_version=`cut -f3 -d. $source_path/VERSION`
+
 if test -z "$werror" ; then
-    z_version=`cut -f3 -d. $source_path/VERSION`
     if test "$z_version" = "50" -a \
         "$linux" = "yes" ; then
         werror="yes"
@@ -1802,6 +1804,16 @@ if test -z "$werror" ; then
     fi
 fi
 
+# Disable zero malloc errors for official releases unless explicitly told to
+# enable/disable
+if test -z "$zero_malloc" ; then
+    if test "$z_version" = "50" ; then
+       zero_malloc="no"
+    else
+       zero_malloc="yes"
+    fi
+fi
+
 if test "$werror" = "yes" ; then
     QEMU_CFLAGS="-Werror $QEMU_CFLAGS"
 fi
@@ -2109,6 +2121,10 @@ fi
 
 echo "CONFIG_UNAME_RELEASE=\"$uname_release\"" >> $config_host_mak
 
+if test "$zero_malloc" = "yes" ; then
+  echo "CONFIG_ZERO_MALLOC=y" >> $config_host_mak
+fi
+
 # USB host support
 case "$usb" in
 linux)

diff --git a/qemu-malloc.c b/qemu-malloc.c
index 295d1856efa235ef6a08e2bee43f016aa77406a6..5d9e34d69d713e1c238c2639acda422a4ae956f5 100644 (file)
--- a/qemu-malloc.c
+++ b/qemu-malloc.c
@@ -42,22 +42,29 @@ void qemu_free(void *ptr)
     free(ptr);
 }
 
+static int allow_zero_malloc(void)
+{
+#if defined(CONFIG_ZERO_MALLOC)
+    return 1;
+#else
+    return 0;
+#endif
+}
+
 void *qemu_malloc(size_t size)
 {
-    if (!size) {
+    if (!size && !allow_zero_malloc()) {
         abort();
     }
-    return oom_check(malloc(size));
+    return oom_check(malloc(size ? size : 1));
 }
 
 void *qemu_realloc(void *ptr, size_t size)
 {
     if (size) {
         return oom_check(realloc(ptr, size));
-    } else {
-        if (ptr) {
-            return realloc(ptr, size);
-        }
+    } else if (allow_zero_malloc()) {
+        return oom_check(realloc(ptr, size ? size : 1));
     }
     abort();
 }