From patchwork Wed May 16 13:52:18 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jim Meyering X-Patchwork-Id: 159677
From: Jim Meyering To: qemu-devel@nongnu.org In-Reply-To: <1337173681-25891-4-git-send-email-jim@meyering.net> (Jim Meyering's message of "Wed, 16 May 2012 15:07:58 +0200") References: <1337173681-25891-1-git-send-email-jim@meyering.net> <1337173681-25891-4-git-send-email-jim@meyering.net> Date: Wed, 16 May 2012 15:52:18 +0200 Message-ID: <87zk98w7vx.fsf_-_@rho.meyering.net> Lines: 39 MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 88.168.87.75 Cc: Riku Voipio Subject: [Qemu-devel] [PATCHv2 3/6] linux-user: do_msgrcv: don't leak host_mb upon TARGET_EFAULT failure X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Also, use g_malloc to avoid NULL-deref upon OOM. Signed-off-by: Jim Meyering --- There are other, similar NULL-deref risks in this file. TBD separately. linux-user/syscall.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 1.7.10.2.520.g6a4a482 diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 20d2a74..9bf0b28 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -2794,7 +2794,7 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp, if (!lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0)) return -TARGET_EFAULT; - host_mb = malloc(msgsz+sizeof(long)); + host_mb = g_malloc(msgsz+sizeof(long)); ret = get_errno(msgrcv(msqid, host_mb, msgsz, tswapal(msgtyp), msgflg)); if (ret > 0) { @@ -2809,11 +2809,11 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp, } target_mb->mtype = tswapal(host_mb->mtype); - free(host_mb); end: if (target_mb) unlock_user_struct(target_mb, msgp, 1); + g_free(host_mb); return ret; }
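Review bot: In the first hunk, `host_mb = g_malloc(msgsz+sizeof(long));` trades the NULL dereference for an abort, because g_malloc terminates the process when the allocation fails. If msgsz is guest-controlled, an oversized request would then take down the emulator rather than fail the syscall. Consider g_try_malloc with a NULL check that sets ret to -TARGET_ENOMEM and jumps to `end:`, so target_mb is unlocked and the guest sees an error.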
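Review bot: In the second hunk, `g_free(host_mb);` after the `end:` label now runs on every path that reaches `end:`, so host_mb must hold either NULL or the g_malloc result on each of them. Its declaration is outside the visible context: please confirm that it is initialized to NULL or that no `goto end` precedes the allocation. g_free accepts NULL, so no guard is needed around the call itself.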