linux-user/syscall.c - don't add GUEST_BASE to NULL pointer

Message ID	200908260002.03066.dl9pf@gmx.de
State	Superseded
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: "Jan-Simon =?utf-8?q?M=C3=B6ller?=" <dl9pf@gmx.de> To: qemu-devel@nongnu.org Date: Wed, 26 Aug 2009 00:02:02 +0200 User-Agent: KMail/1.9.9 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200908260002.03066.dl9pf@gmx.de> Subject: [Qemu-devel] [Patch] linux-user/syscall.c - don't add GUEST_BASE to NULL pointer Precedence: list Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Message ID

200908260002.03066.dl9pf@gmx.de

State

Superseded

Headers

From: "Jan-Simon =?utf-8?q?M=C3=B6ller?=" <dl9pf@gmx.de>
To: qemu-devel@nongnu.org
Date: Wed, 26 Aug 2009 00:02:02 +0200
User-Agent: KMail/1.9.9
MIME-Version: 1.0
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message-Id: <200908260002.03066.dl9pf@gmx.de>
Subject: [Qemu-devel] [Patch] linux-user/syscall.c - don't add GUEST_BASE to
	NULL pointer
Precedence: list
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Commit Message

Jan-Simon Möller Aug. 25, 2009, 10:02 p.m. UTC

This patch fixes the mount call. GUEST_BASE shouldn't be added to a NULL pointer on arg5 .
failing call: 
mount("rootfs", "/", 0x47a78, MS_MGC_VAL|MS_REMOUNT, 0x10000) = -1 EFAULT (Bad address)

correct call:
mount("rootfs", "/", 0x37ab0, MS_MGC_VAL|MS_REMOUNT, NULL) = 0


Signed-off-by:  Jan-Simon Möller  <dl9pf@gmx.de>
---
 linux-user/syscall.c |    8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 673eed4..5b2ec4f 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -4445,12 +4445,16 @@  abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
                        p3 = lock_user_string(arg3);
                         if (!p || !p2 || !p3)
                             ret = -TARGET_EFAULT;
-                        else
+                        else {
                             /* FIXME - arg5 should be locked, but it isn't clear how to
                              * do that since it's not guaranteed to be a NULL-terminated
                              * string.
                              */
-                            ret = get_errno(mount(p, p2, p3, (unsigned long)arg4, g2h(arg5)));
+                            if ( ! arg5 )
+                                ret = get_errno(mount(p, p2, p3, (unsigned long)arg4, NULL));
+                            else
+                                ret = get_errno(mount(p, p2, p3, (unsigned long)arg4, g2h(arg5)));
+                        }
                         unlock_user(p, arg1, 0);
                         unlock_user(p2, arg2, 0);
                         unlock_user(p3, arg3, 0);