Message ID | 20170727024224.22900-15-f4bug@amsat.org |
---|---|
State | New |
Le 27/07/2017 à 04:42, Philippe Mathieu-Daudé a écrit : > linux-user/syscall.c:555:25: warning: Out of bound memory access (accessed memory precedes memory block) > target_fd_trans[fd] = trans; > ~~~~~~~~~~~~~~~~~~~~^~~~~~~ > > Reported-by: Clang Static Analyzer > Suggested-by: Laurent Vivier <lvivier@redhat.com> > Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> > --- > linux-user/syscall.c | 16 ++++++++++++---- > 1 file changed, 12 insertions(+), 4 deletions(-) > > diff --git a/linux-user/syscall.c b/linux-user/syscall.c > index 81f52f7483..dfc1301e63 100644 > --- a/linux-user/syscall.c > +++ b/linux-user/syscall.c > @@ -11742,7 +11742,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, > #if defined(TARGET_NR_inotify_init) && defined(__NR_inotify_init) > case TARGET_NR_inotify_init: > ret = get_errno(sys_inotify_init()); > - fd_trans_register(ret, &target_inotify_trans); > + if (ret >= 0) { > + fd_trans_register(ret, &target_inotify_trans); > + } > break; > #endif > #ifdef CONFIG_INOTIFY1 > @@ -11750,7 +11752,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, > case TARGET_NR_inotify_init1: > ret = get_errno(sys_inotify_init1(target_to_host_bitmask(arg1, > fcntl_flags_tbl))); > - fd_trans_register(ret, &target_inotify_trans); > + if (ret >= 0) { > + fd_trans_register(ret, &target_inotify_trans); > + } > break; > #endif > #endif > @@ -11916,7 +11920,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, > #if defined(TARGET_NR_eventfd) > case TARGET_NR_eventfd: > ret = get_errno(eventfd(arg1, 0)); > - fd_trans_register(ret, &target_eventfd_trans); > + if (ret >= 0) { > + fd_trans_register(ret, &target_eventfd_trans); > + } > break; > #endif > #if defined(TARGET_NR_eventfd2) 
> @@ -11930,7 +11936,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, > host_flags |= O_CLOEXEC; > } > ret = get_errno(eventfd(arg1, host_flags)); > - fd_trans_register(ret, &target_eventfd_trans); > + if (ret >= 0) { > + fd_trans_register(ret, &target_eventfd_trans); > + } > break; > } > #endif >
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 81f52f7483..dfc1301e63 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -11742,7 +11742,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 #if defined(TARGET_NR_inotify_init) && defined(__NR_inotify_init)
 case TARGET_NR_inotify_init:
 ret = get_errno(sys_inotify_init());
- fd_trans_register(ret, &target_inotify_trans);
+ if (ret >= 0) {
+ fd_trans_register(ret, &target_inotify_trans);
+ }
 break;
 #endif
 #ifdef CONFIG_INOTIFY1
@@ -11750,7 +11752,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 case TARGET_NR_inotify_init1:
 ret = get_errno(sys_inotify_init1(target_to_host_bitmask(arg1,
 fcntl_flags_tbl)));
- fd_trans_register(ret, &target_inotify_trans);
+ if (ret >= 0) {
+ fd_trans_register(ret, &target_inotify_trans);
+ }
 break;
 #endif
 #endif
@@ -11916,7 +11920,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 #if defined(TARGET_NR_eventfd)
 case TARGET_NR_eventfd:
 ret = get_errno(eventfd(arg1, 0));
- fd_trans_register(ret, &target_eventfd_trans);
+ if (ret >= 0) {
+ fd_trans_register(ret, &target_eventfd_trans);
+ }
 break;
 #endif
 #if defined(TARGET_NR_eventfd2)
@@ -11930,7 +11936,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 host_flags |= O_CLOEXEC;
 }
 ret = get_errno(eventfd(arg1, host_flags));
- fd_trans_register(ret, &target_eventfd_trans);
+ if (ret >= 0) {
+ fd_trans_register(ret, &target_eventfd_trans);
+ }
 break;
 }
 #endif
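Review bot: The `ret >= 0` guard is repeated at all four call sites (inotify_init, inotify_init1, eventfd, eventfd2), while the unchecked index itself stays inside fd_trans_register(), where the analyzer flagged `target_fd_trans[fd] = trans;`. Because get_errno() returns a negative errno on failure, any other caller that forwards an unchecked result would still write before the start of the array; fd_trans_register's body is not visible in this patch, so that is inferred from the warning text. A guard at the top of that function, `if (fd < 0) { return; }` (or `assert(fd >= 0);` if a negative fd is treated as a caller bug), would protect every caller rather than only these four. do_syscall's body extends beyond all four hunks, so other fd_trans_register() call sites could not be checked from here.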
linux-user/syscall.c:555:25: warning: Out of bound memory access (accessed memory precedes memory block) target_fd_trans[fd] = trans; ~~~~~~~~~~~~~~~~~~~~^~~~~~~ Reported-by: Clang Static Analyzer Suggested-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> --- linux-user/syscall.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-)