Index: qemu/linux-user/syscall.c
===================================================================
--- qemu.orig/linux-user/syscall.c 2007-11-19 20:45:20.000000000 -0700
+++ qemu/linux-user/syscall.c 2007-11-19 20:48:54.000000000 -0700
@@ -3515,7 +3515,7 @@
 argc = 0;
 guest_argp = arg2;
- for (gp = guest_argp; ; gp += sizeof(abi_ulong)) {
+ for (gp = guest_argp; gp; gp += sizeof(abi_ulong)) {
 if (get_user_ual(addr, gp))
 goto efault;
 if (!addr)
@@ -3524,7 +3524,7 @@
 }
 envc = 0;
 guest_envp = arg3;
- for (gp = guest_envp; ; gp += sizeof(abi_ulong)) {
+ for (gp = guest_envp; gp; gp += sizeof(abi_ulong)) {
 if (get_user_ual(addr, gp))
 goto efault;
 if (!addr)
@@ -3535,7 +3535,7 @@
 argp = alloca((argc + 1) * sizeof(void *));
 envp = alloca((envc + 1) * sizeof(void *));
- for (gp = guest_argp, q = argp; ;
+ for (gp = guest_argp, q = argp; gp;
 gp += sizeof(abi_ulong), q++) {
 if (get_user_ual(addr, gp))
 goto execve_efault;
@@ -3546,7 +3546,7 @@
 }
 *q = NULL;
- for (gp = guest_envp, q = envp; ;
+ for (gp = guest_envp, q = envp; gp;
 gp += sizeof(abi_ulong), q++) {
 if (get_user_ual(addr, gp))
 goto execve_efault;
@@ -3568,14 +3568,14 @@
 ret = -TARGET_EFAULT;
 execve_end:
- for (gp = guest_argp, q = argp; *q;
+ for (gp = guest_argp, q = argp; gp && *q;
 gp += sizeof(abi_ulong), q++) {
 if (get_user_ual(addr, gp) || !addr)
 break;
 unlock_user(*q, addr, 0);
 }
- for (gp = guest_envp, q = envp; *q;
+ for (gp = guest_envp, q = envp; gp && *q;
 gp += sizeof(abi_ulong), q++) {
 if (get_user_ual(addr, gp) || !addr)
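Review bot: Putting `gp` in the loop condition of `for (gp = guest_argp; gp; gp += sizeof(abi_ulong))` tests it on every iteration, not only when `arg2` is NULL on entry. A vector whose walk wraps past the top of the guest address space to 0 would therefore end as if it were terminated, instead of reaching `get_user_ual` and `goto efault`. The same pattern recurs in the hunks at 3524, 3535 and 3546. Testing the base once states the intent directly: wrap the original unconditioned loop in `if (guest_argp) {` and add a comment such as `/* a NULL argv/envp is treated as an empty vector */`. This assumes `gp` has guest-address width, which these lines do not show; the enclosing execve handling starts and ends outside the hunk.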
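Review bot: Nothing in the hunk at 3535 bounds `argc` or `envc` before `argp = alloca((argc + 1) * sizeof(void *));` and `envp = alloca((envc + 1) * sizeof(void *));`, so the size of the emulator's own stack frame is set by counts taken from guest memory. The increments sit outside the visible lines, but the counting loops at 3515 and 3524 appear to stop only at a zero entry or a fault. This commit changes how those walks terminate and leaves the allocation unguarded. A limit check ahead of the two `alloca` calls would close it, for example `if (argc > GUEST_ARG_LIMIT || envc > GUEST_ARG_LIMIT)` (placeholder name) failing with `-TARGET_E2BIG`; a heap allocation freed at `execve_end` would also do. The surrounding function body is outside the hunk, so an existing cap elsewhere cannot be ruled out from here.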