From 2dd08dfd9a553af3d53c6508e436b0c2aa5a469b Mon Sep 17 00:00:00 2001 From: Joakim Tjernlund Date: Fri, 11 Jul 2014 17:18:03 +0200 Subject: [PATCH] alloca one extra byte sockets target_to_host_sockaddr() may increase the lenth with 1 byte for AF_UNIX sockets so allocate 1 extra byte. Signed-off-by: Joakim Tjernlund Reviewed-by: Peter Maydell Signed-off-by: Riku Voipio --- linux-user/syscall.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 7163ade3f3..a50229d0d7 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -1984,7 +1984,7 @@ static abi_long do_connect(int sockfd, abi_ulong target_addr, return -TARGET_EINVAL; } - addr = alloca(addrlen); + addr = alloca(addrlen+1); ret = target_to_host_sockaddr(addr, target_addr, addrlen); if (ret) @@ -2005,7 +2005,7 @@ static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp, if (msgp->msg_name) { msg.msg_namelen = tswap32(msgp->msg_namelen); - msg.msg_name = alloca(msg.msg_namelen); + msg.msg_name = alloca(msg.msg_namelen+1); ret = target_to_host_sockaddr(msg.msg_name, tswapal(msgp->msg_name), msg.msg_namelen); if (ret) { @@ -2268,7 +2268,7 @@ static abi_long do_sendto(int fd, abi_ulong msg, size_t len, int flags, if (!host_msg) return -TARGET_EFAULT; if (target_addr) { - addr = alloca(addrlen); + addr = alloca(addrlen+1); ret = target_to_host_sockaddr(addr, target_addr, addrlen); if (ret) { unlock_user(host_msg, msg, 0);