diff --git a/qtest.c b/qtest.c
index 46b99aed5291c827bde5ea3857d7d3cfb7cd55e4..bd9d4178129be85b02d0824273de2032ad6e6c9c 100644
--- a/qtest.c
+++ b/qtest.c
@@ -430,6 +430,8 @@ static void qtest_process_command(CharBackend *chr, gchar **words)
         g_assert(words[1] && words[2]);
         g_assert(qemu_strtoull(words[1], NULL, 0, &addr) == 0);
         g_assert(qemu_strtoull(words[2], NULL, 0, &len) == 0);
+        /* We'd send garbage to libqtest if len is 0 */
+        g_assert(len);
 
         data = g_malloc(len);
         cpu_physical_memory_read(addr, data, len);
diff --git a/tests/libqtest.c b/tests/libqtest.c
index 6f6975248fae1e33e1076f93933a12e8766e2dc2..d8fba6647a1777f8d037c80a92dc9d7269aa281c 100644
--- a/tests/libqtest.c
+++ b/tests/libqtest.c
@@ -768,6 +768,10 @@ void qtest_memread(QTestState *s, uint64_t addr, void *data, size_t size)
     gchar **args;
     size_t i;
 
+    if (!size) {
+        return;
+    }
+
     qtest_sendf(s, "read 0x%" PRIx64 " 0x%zx\n", addr, size);
     args = qtest_rsp(s, 2);
 
@@ -858,7 +862,13 @@ void qtest_memwrite(QTestState *s, uint64_t addr, const void *data, size_t size)
 {
     const uint8_t *ptr = data;
     size_t i;
-    char *enc = g_malloc(2 * size + 1);
+    char *enc;
+
+    if (!size) {
+        return;
+    }
+
+    enc = g_malloc(2 * size + 1);
 
     for (i = 0; i < size; i++) {
         sprintf(&enc[i * 2], "%02x", ptr[i]);