| Message ID | 1360346321-2568-1-git-send-email-peter.maydell@linaro.org |
|---|---|
| State | New |
| Headers | show |
On 2013-02-08 09:58, Peter Maydell wrote: > If the guest passes us a bogus negative length for an iovec, fail > EINVAL rather than proceeding blindly forward. This fixes some of > the error cases tests for readv and writev in the LTP. > > Signed-off-by: Peter Maydell<peter.maydell@linaro.org> > --- > I guess I'll resend this mixed bag of linux-user patches as a single > series after the trunk reopens; feel free to review in the meantime :-) > > linux-user/syscall.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > Reviewed-by: Richard Henderson <rth@twiddle.net> r~
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 35df073..d38eb24 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -1779,7 +1779,7 @@ static struct iovec *lock_iovec(int type, abi_ulong target_addr, errno = 0; return NULL; } - if (count > IOV_MAX) { + if (count < 0 || count > IOV_MAX) { errno = EINVAL; return NULL; }
If the guest passes us a bogus negative length for an iovec, fail EINVAL rather than proceeding blindly forward. This fixes some of the error cases tests for readv and writev in the LTP. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- I guess I'll resend this mixed bag of linux-user patches as a single series after the trunk reopens; feel free to review in the meantime :-) linux-user/syscall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)