Re: [Qemu-trivial] [PATCH for 2.10 29/35] syscall: fix out-of-bound memory access
From: Laurent Vivier
Subject: Re: [Qemu-trivial] [PATCH for 2.10 29/35] syscall: fix out-of-bound memory access
Date: Mon, 24 Jul 2017 21:41:34 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
On 24/07/2017 at 20:27, Philippe Mathieu-Daudé wrote:
> linux-user/syscall.c:555:25: warning: Out of bound memory access (accessed
> memory precedes memory block)
> target_fd_trans[fd] = trans;
> ~~~~~~~~~~~~~~~~~~~~^~~~~~~
>
> Reported-by: Clang Static Analyzer
> Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
> ---
> linux-user/syscall.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 637270a02d..26450d235f 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -544,6 +544,7 @@ static void fd_trans_register(int fd, TargetFdTrans
> *trans)
> {
> unsigned int oldmax;
>
> + assert(fd >= 0);
> if (fd >= target_fd_max) {
> oldmax = target_fd_max;
> target_fd_max = ((fd >> 6) + 1) << 6; /* by slice of 64 entries */
>
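Review bot: assert(fd >= 0) ahead of `if (fd >= target_fd_max)` turns the analyzer's out-of-bound write (`target_fd_trans[fd] = trans;` with a negative fd) into an abort instead of a memory corruption, but it does not handle the case where a caller passes the return value of a failed syscall; as the reply points out, inotify_init(), inotify_init1(), eventfd() and eventfd2() call fd_trans_register() without checking fd. Either check the result in those callers before registering, or make fd_trans_register() return early on fd < 0 so a negative value never reaches the slice computation `target_fd_max = ((fd >> 6) + 1) << 6;`.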
I think we should fix inotify_init(), inotify_init1(), eventfd() and
eventfd2() that call fd_trans_register() without checking the value of
fd before adding this assert...
Thanks,
Laurent
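The two fixes discussed in this thread, as an added example that is not QEMU's code: a constructed model of the fd translation table that grows in slices of 64 entries like the quoted hunk, with fd_trans_register_checked() rejecting a negative fd instead of asserting, and do_eventfd_like() showing the caller-side check Laurent asks for. TargetFdTrans, the table names and sample_trans are stand-ins defined here.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for QEMU's TargetFdTrans; only the pointer identity matters here. */
typedef struct { int unused; } TargetFdTrans;

/* Constructed model of the linux-user translation table (not QEMU's globals). */
static TargetFdTrans **target_fd_trans;
static unsigned int target_fd_max;
static TargetFdTrans sample_trans;   /* constructed entry used by the callers below */

/* Hardened registration: a negative fd (a failed syscall result) is rejected
 * up front, so it can never index before the start of the table or feed the
 * slice computation. Returns 0 on success, -1 for an invalid fd. */
static int fd_trans_register_checked(int fd, TargetFdTrans *trans)
{
    unsigned int oldmax;

    if (fd < 0) {
        return -1;
    }
    if ((unsigned int)fd >= target_fd_max) {
        oldmax = target_fd_max;
        target_fd_max = ((fd >> 6) + 1) << 6; /* by slice of 64 entries */
        target_fd_trans = realloc(target_fd_trans,
                                  target_fd_max * sizeof(*target_fd_trans));
        memset(target_fd_trans + oldmax, 0,
               (target_fd_max - oldmax) * sizeof(*target_fd_trans));
    }
    target_fd_trans[fd] = trans;
    return 0;
}

/* Caller pattern from the reply: register the translation only when the host
 * syscall succeeded; a negative (error) result is passed back unchanged. */
static int do_eventfd_like(int host_ret, TargetFdTrans *trans)
{
    if (host_ret >= 0) {
        fd_trans_register_checked(host_ret, trans);
    }
    return host_ret;
}

/* Bounds-checked lookup so a bad fd reads NULL rather than memory outside the table. */
static TargetFdTrans *fd_trans_lookup(int fd)
{
    if (fd < 0 || (unsigned int)fd >= target_fd_max) {
        return NULL;
    }
    return target_fd_trans[fd];
}
```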