qemu-devel

[Qemu-devel] [PATCH 4/4] linux-user: Fix error handling in target_to_hos


From: Peter Maydell
Subject: [Qemu-devel] [PATCH 4/4] linux-user: Fix error handling in target_to_host_semarray()
Date: Mon, 17 Feb 2014 18:55:34 +0000

Fix two issues in error handling in target_to_host_semarray():
 * don't leak the host_array buffer if lock_user fails
 * return an error if malloc() fails

Signed-off-by: Peter Maydell <address@hidden>
---
 linux-user/syscall.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index bb3e4b1..c92f026 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -2429,10 +2429,15 @@ static inline abi_long target_to_host_semarray(int 
semid, unsigned short **host_
     nsems = semid_ds.sem_nsems;
 
     *host_array = malloc(nsems*sizeof(unsigned short));
+    if (!*host_array) {
+        return -TARGET_ENOMEM;
+    }
     array = lock_user(VERIFY_READ, target_addr,
                       nsems*sizeof(unsigned short), 1);
-    if (!array)
+    if (!array) {
+        free(host_array);
         return -TARGET_EFAULT;
+    }
 
     for(i=0; i<nsems; i++) {
         __get_user((*host_array)[i], &array[i]);
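
Review bot: in the new `if (!array)` branch, `free(host_array)` frees the wrong pointer. `host_array` is the `unsigned short **` out-parameter, while the buffer was stored with `*host_array = malloc(...)`, so this call hands free() an address that malloc never returned (undefined behaviour, likely heap corruption or an abort) and the buffer still leaks. It should be `free(*host_array);`. Consider also setting `*host_array = NULL` afterwards so the out-parameter is not left pointing at freed memory when -TARGET_EFAULT is returned.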
-- 
1.8.5



