ShuriZma
/
xqemu
mirror of https://github.com/xqemu/xqemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

linux-user: Check lock_user() return value for NULL 

lock_user() can return NULL, which typically means the syscall
should fail with EFAULT. Add checks in various places where
Coverity spotted that we were missing them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
This commit is contained in:
Peter Maydell 2016-07-12 13:02:13 +01:00 committed by Riku Voipio
parent 68754b442b
commit 3211215e74
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
linux-user/syscall.c
View File

@ -5008,6 +5008,11 @@ static abi_long do_ioctl_dm(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
host_data = (char*)host_dm + host_dm->data_start; host_data = (char*)host_dm + host_dm->data_start;
argptr = lock_user(VERIFY_READ, guest_data, guest_data_size, 1); argptr = lock_user(VERIFY_READ, guest_data, guest_data_size, 1);
if (!argptr) {
ret = -TARGET_EFAULT;
goto out;
}
switch (ie->host_cmd) { switch (ie->host_cmd) {
case DM_REMOVE_ALL: case DM_REMOVE_ALL:
case DM_LIST_DEVICES: case DM_LIST_DEVICES:
@ -11271,6 +11276,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
case TARGET_NR_mq_unlink: case TARGET_NR_mq_unlink:
p = lock_user_string(arg1 - 1); p = lock_user_string(arg1 - 1);
if (!p) {
ret = -TARGET_EFAULT;
break;
}
ret = get_errno(mq_unlink(p)); ret = get_errno(mq_unlink(p));
unlock_user (p, arg1, 0); unlock_user (p, arg1, 0);
break; break;