diff --git a/hw/bt-hci.c b/hw/bt-hci.c index 71c12b85f6..96a5b115a0 100644 --- a/hw/bt-hci.c +++ b/hw/bt-hci.c @@ -1137,7 +1137,7 @@ static void bt_hci_reset(struct bt_hci_s *hci) hci->device.inquiry_scan = 0; hci->device.page_scan = 0; if (hci->device.lmp_name) - free((void *) hci->device.lmp_name); + qemu_free((void *) hci->device.lmp_name); hci->device.lmp_name = 0; hci->device.class[0] = 0x00; hci->device.class[1] = 0x00; @@ -1815,8 +1815,8 @@ static void bt_submit_hci(struct HCIInfo *info, LENGTH_CHECK(change_local_name); if (hci->device.lmp_name) - free((void *) hci->device.lmp_name); - hci->device.lmp_name = strndup(PARAM(change_local_name, name), + qemu_free((void *) hci->device.lmp_name); + hci->device.lmp_name = qemu_strndup(PARAM(change_local_name, name), sizeof(PARAM(change_local_name, name))); bt_hci_event_complete_status(hci, HCI_SUCCESS); break; @@ -2191,7 +2191,7 @@ static void bt_hci_done(struct HCIInfo *info) bt_device_done(&hci->device); if (hci->device.lmp_name) - free((void *) hci->device.lmp_name); + qemu_free((void *) hci->device.lmp_name); /* Be gentle and send DISCONNECT to all connected peers and those * currently waiting for us to accept or reject a connection request. diff --git a/qemu-common.h b/qemu-common.h index 2b7f7e1a10..f5480dd7ac 100644 --- a/qemu-common.h +++ b/qemu-common.h @@ -98,6 +98,7 @@ void *qemu_realloc(void *ptr, size_t size); void *qemu_mallocz(size_t size); void qemu_free(void *ptr); char *qemu_strdup(const char *str); +char *qemu_strndup(const char *str, size_t size); void *get_mmap_addr(unsigned long size); diff --git a/qemu-malloc.c b/qemu-malloc.c index 3bffae1fbb..dc74efed17 100644 --- a/qemu-malloc.c +++ b/qemu-malloc.c 
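Review bot: With all three release sites of `hci->device.lmp_name` now calling `qemu_free` (this change_local_name case, bt_hci_reset and bt_hci_done), every place that assigns `lmp_name` has to allocate through the qemu_ allocator as well, and this is the only allocation site visible in the diff. Any other writer in the file that still uses `strdup`/`strndup` or assigns a string literal would be released through the wrong allocator, so it is worth checking for other assignments before merging. The copy stays bounded by `sizeof(PARAM(change_local_name, name))`, which matters because the name appears to come straight from the HCI command parameters; a comment such as `/* name field may lack a NUL terminator; bound the copy to the field size */` above the call would record why. The enclosing switch case starts and ends outside the hunk.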
@@ -60,6 +60,20 @@ char *qemu_strdup(const char *str)
 ptr = qemu_malloc(len + 1);
 if (!ptr)
 return NULL;
- pstrcpy(ptr, len + 1, str);
+ memcpy(ptr, str, len + 1);
 return ptr;
 }
+
+char *qemu_strndup(const char *str, size_t size)
+{
+ const char *end = memchr(str, 0, size);
+ char *new;
+
+ if (end)
+ size = end - str;
+
+ new = qemu_malloc(size + 1);
+ new[size] = 0;
+
+ return memcpy(new, str, size);
+}
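Review bot: `qemu_strndup` writes `new[size] = 0` without checking the result of `qemu_malloc`, while `qemu_strdup` just above it in the same hunk returns NULL when the allocation fails. If `qemu_malloc` can return NULL, as that sibling check implies, the new function dereferences a null pointer on a path driven by the change_local_name handler in hw/bt-hci.c. Adding `if (!new) return NULL;` directly after the allocation would make the two helpers agree. Separately, `size + 1` wraps to 0 when a caller passes SIZE_MAX and no terminator is found, so a header comment stating that `size` must be the real bound of the source buffer would help. qemu_strdup's opening lines are outside the hunk.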