[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-stable] [PATCH 35/37] linux-user: make bogus negative iovec length

From: Michael Roth
Subject: [Qemu-stable] [PATCH 35/37] linux-user: make bogus negative iovec lengths fail EINVAL
Date: Tue, 2 Apr 2013 16:45:40 -0500

From: Peter Maydell <address@hidden>

If the guest passes us a bogus negative length for an iovec, fail
EINVAL rather than proceeding blindly forward. This fixes some of
the error cases tests for readv and writev in the LTP.

Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Signed-off-by: Riku Voipio <address@hidden>
(cherry picked from commit dfae8e00f8ddeedcda24bd28f71d4fd2a9f988b8)

Signed-off-by: Michael Roth <address@hidden>
 linux-user/syscall.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 7bc5ba9..b682357 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -1776,7 +1776,7 @@ static struct iovec *lock_iovec(int type, abi_ulong 
         errno = 0;
         return NULL;
-    if (count > IOV_MAX) {
+    if (count < 0 || count > IOV_MAX) {
         errno = EINVAL;
         return NULL;

reply via email to

[Prev in Thread] Current Thread [Next in Thread]