qemu-devel

Re: [PATCH] linux-user: Check copy_from_user() return value in vma_dump_


From: Laurent Vivier
Subject: Re: [PATCH] linux-user: Check copy_from_user() return value in vma_dump_size()
Date: Wed, 4 Nov 2020 22:28:12 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.3.1

On 03/11/2020 at 15:15, Peter Maydell wrote:
> Coverity points out that we don't check the return value from
> copy_from_user() in vma_dump_size(). This is to some extent
> a "can't happen" error since we've already checked the page
> with an access_ok() call earlier, but it's simple enough to
> handle the error anyway.
> 
> Fixes: Coverity CID 1432362
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>  linux-user/elfload.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/linux-user/elfload.c b/linux-user/elfload.c
> index bf8c1bd2533..e19d0b5cb05 100644
> --- a/linux-user/elfload.c
> +++ b/linux-user/elfload.c
> @@ -3484,7 +3484,9 @@ static abi_ulong vma_dump_size(const struct 
> vm_area_struct *vma)
>      if (vma->vma_flags & PROT_EXEC) {
>          char page[TARGET_PAGE_SIZE];
>  
> -        copy_from_user(page, vma->vma_start, sizeof (page));
> +        if (copy_from_user(page, vma->vma_start, sizeof (page))) {
> +            return 0;
> +        }
>          if ((page[EI_MAG0] == ELFMAG0) &&
>              (page[EI_MAG1] == ELFMAG1) &&
>              (page[EI_MAG2] == ELFMAG2) &&
> 
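Review bot: The new "return 0;" in the copy_from_user() failure branch carries no comment explaining why zero is the right result, so a reader of vma_dump_size() sees an executable region silently reported with a dump size of 0 when its first page cannot be read. The commit message says this path should be unreachable because of an earlier access_ok() check; a one-line comment above the "if" stating that, and that an unreadable page is treated as nothing to dump, would keep the reasoning next to the code. Since the function returns abi_ulong and has no separate error channel, it is also worth confirming that the caller handles a zero size for a PROT_EXEC mapping the same way it handles any other skipped region.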

Applied to my linux-user-for-5.2 branch.

Thanks,
Laurent



