qemu-devel
[Qemu-devel] Fix for accept


From: Pablo Virolainen
Subject: [Qemu-devel] Fix for accept
Date: Thu, 13 Jul 2006 13:21:50 +0300
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13) Gecko/20060427 Debian/1.7.13-0ubuntu5.10

The following code crashes qemu user emulation.

#include <sys/types.h>
#include <sys/socket.h>

int main() {
        accept(0,NULL,NULL);
        return 0;
}

Pablo Virolainen
Index: linux-user/syscall.c
===================================================================
RCS file: /sources/qemu/qemu/linux-user/syscall.c,v
retrieving revision 1.75
diff -u -r1.75 syscall.c
--- linux-user/syscall.c        27 Jun 2006 21:08:10 -0000      1.75
+++ linux-user/syscall.c        13 Jul 2006 10:18:57 -0000
@@ -878,9 +878,20 @@
             int sockfd = tgetl(vptr);
             target_ulong target_addr = tgetl(vptr + n);
             target_ulong target_addrlen = tgetl(vptr + 2 * n);
-            socklen_t addrlen = tget32(target_addrlen);
-            void *addr = alloca(addrlen);
-
+            socklen_t addrlen=0;
+           /* Just to get rid of compiler warnings */
+           ulong addrt=0;
+            void *addr;
+           
+           get_user(addrlen,&target_addrlen);
+           get_user(addrt,&target_addr);
+           
+           if (addrt!=0) {
+               addr = alloca(addrlen);
+           } else {
+               addr = NULL;
+           }
+           
             ret = get_errno(accept(sockfd, addr, &addrlen));
             if (!is_error(ret)) {
                 host_to_target_sockaddr(target_addr, addr, addrlen);
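
Review bot: the success path in the trailing context still calls host_to_target_sockaddr(target_addr, addr, addrlen) unconditionally, so in the new addr = NULL branch the copy-back runs with a NULL host buffer and a zero guest address; guard that call with the same addrt != 0 test. Separately, get_user(addrlen,&target_addrlen) and get_user(addrt,&target_addr) are passed the addresses of the local variables, whereas the removed line read the length through the guest pointer with tget32(target_addrlen). If get_user reads through the pointer it is given, addrlen now receives the guest pointer value rather than the length it points to, and that value sizes the alloca. Testing target_addr directly, reading the length with tget32 only when target_addrlen is non-zero, and bounding it before alloca would be clearer and would not need the addrt temporary. The added lines are also indented one column short of the surrounding code.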
