[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] linux-user: Check array bounds in errno convers
From: |
Laurent Vivier |
Subject: |
Re: [Qemu-devel] [PATCH] linux-user: Check array bounds in errno conversion |
Date: |
Sun, 6 Mar 2016 14:37:13 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 |
Le 03/03/2016 19:35, Peter Maydell a écrit :
> From: Timothy E Baldwin <address@hidden>
>
> Check array bounds in host_to_target_errno() and target_to_host_errno().
>
> Signed-off-by: Timothy Edward Baldwin <address@hidden>
> Message-id: address@hidden
> [PMM: Add a lower-bound check, use braces on if(), tweak commit message]
> Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Laurent Vivier <address@hidden>
> ---
> This is a bugfix patch fished out of Timothy's signal-race-fixes
> patch series. We had a previous go-around doing this with unsigned
> integers, but that doesn't work.
>
> linux-user/syscall.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 9517531..f9dcdd4 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -617,15 +617,19 @@ static uint16_t
> host_to_target_errno_table[ERRNO_TABLE_SIZE] = {
>
> static inline int host_to_target_errno(int err)
> {
> - if(host_to_target_errno_table[err])
> + if (err >= 0 && err < ERRNO_TABLE_SIZE &&
> + host_to_target_errno_table[err]) {
> return host_to_target_errno_table[err];
> + }
> return err;
> }
>
> static inline int target_to_host_errno(int err)
> {
> - if (target_to_host_errno_table[err])
> + if (err >= 0 && err < ERRNO_TABLE_SIZE &&
> + target_to_host_errno_table[err]) {
> return target_to_host_errno_table[err];
> + }
> return err;
> }
>
>