Message ID | 20170307072147.1425-1-ppandit@redhat.com |
---|---|
State | New |

On 03/07/2017 01:21 AM, P J P wrote:
> From: Prasad J Pandit <pjp@fedoraproject.org>
>
> Arguments passed to execve(2) call from user program could
> be large, allocating stack memory for them via alloca(3) call
> would lead to bad behaviour. Use 'g_new0' to allocate memory
> for such arguments.
>
> Reported-by: Jann Horn <jannh@google.com>
> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> ---
>  linux-user/syscall.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)

Reviewed-by: Eric Blake <eblake@redhat.com>

diff --git a/linux-user/syscall.c b/linux-user/syscall.c index cec8428..c672581 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -7926,8 +7926,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, envc++; } - argp = alloca((argc + 1) * sizeof(void *)); - envp = alloca((envc + 1) * sizeof(void *)); + argp = g_new0(char *, argc + 1); + envp = g_new0(char *, envc + 1); for (gp = guest_argp, q = argp; gp; gp += sizeof(abi_ulong), q++) { @@ -7988,6 +7988,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, break; unlock_user(*q, addr, 0); } + + g_free(argp); + g_free(envp); } break; case TARGET_NR_chdir:
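Review bot: In the first hunk (@@ -7926,8), the two g_new0() calls still size the arrays from argc and envc, which the loops above count from guest-supplied pointers, and g_new0() aborts the whole process when the allocation fails. That turns an oversized argument list into an abort of the emulator rather than a failed syscall. Consider g_try_new0(char *, argc + 1) and g_try_new0(char *, envc + 1), returning an ENOMEM-style error to the guest when either comes back NULL, or bounding the counts before allocating.
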
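Review bot: In the second hunk (@@ -7988,6), the g_free(argp) and g_free(envp) calls sit only at the very end of the block, after the last unlock_user() loop. With alloca() the arrays were released on any exit from the function; with heap allocation, any path that leaves the block between the g_new0() calls and this point would now leak both arrays. The lines between the two hunks are not shown here, so please confirm that every error path in that range reaches this cleanup, or declare the pointers so that a single exit label frees them.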