[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCHv2 3/6] linux-user: do_msgrcv: don't leak host_mb upo
|
From: |
Jim Meyering |
|
Subject: |
[Qemu-devel] [PATCHv2 3/6] linux-user: do_msgrcv: don't leak host_mb upon TARGET_EFAULT failure |
|
Date: |
Wed, 16 May 2012 15:52:18 +0200 |
Also, use g_malloc to avoid NULL-deref upon OOM.
Signed-off-by: Jim Meyering <address@hidden>
---
There are other, similar NULL-deref risks in this file.
TBD separately.
linux-user/syscall.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 20d2a74..9bf0b28 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -2794,7 +2794,7 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp,
if (!lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0))
return -TARGET_EFAULT;
- host_mb = malloc(msgsz+sizeof(long));
+ host_mb = g_malloc(msgsz+sizeof(long));
ret = get_errno(msgrcv(msqid, host_mb, msgsz, tswapal(msgtyp), msgflg));
if (ret > 0) {
@@ -2809,11 +2809,11 @@ static inline abi_long do_msgrcv(int msqid, abi_long
msgp,
}
target_mb->mtype = tswapal(host_mb->mtype);
- free(host_mb);
end:
if (target_mb)
unlock_user_struct(target_mb, msgp, 1);
+ g_free(host_mb);
return ret;
}
--
1.7.10.2.520.g6a4a482
- [Qemu-devel] [PATCHv2 1/6] qcow2: don't leak buffer for unexpected qcow_version in header, (continued)
- [Qemu-devel] [PATCH 4/6] sheepdog: don't leak socket file descriptor upon connection failure, Jim Meyering, 2012/05/16
- [Qemu-devel] [PATCH 5/6] arm-semi: don't leak 1kb user string lock buffer upon TARGET_SYS_OPEN, Jim Meyering, 2012/05/16
- [Qemu-devel] [PATCH 3/6] linux-user: do_msgrcv: don't leak host_mb upon TARGET_EFAULT failure, Jim Meyering, 2012/05/16
- [Qemu-devel] [PATCH 6/6] softmmu-semi: fix lock_user* functions not to deref NULL upon OOM, Jim Meyering, 2012/05/16
- [Qemu-devel] [PATCH 2/6] qemu-ga: avoid unconditional lockfile file descriptor leak, Jim Meyering, 2012/05/16