X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 14702
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: patches@linaro.org, Riku Voipio
Subject: [PATCH] linux-user: make bogus negative iovec lengths fail EINVAL
Date: Fri, 8 Feb 2013 17:58:41 +0000
Message-Id: <1360346321-2568-1-git-send-email-peter.maydell@linaro.org>

If the guest passes us a bogus negative length for an iovec, fail EINVAL rather than proceeding blindly forward. This fixes some of the error cases tests for readv and writev in the LTP.

Signed-off-by: Peter Maydell
Reviewed-by: Richard Henderson
---
I guess I'll resend this mixed bag of linux-user patches as a single series after the trunk reopens; feel free to review in the meantime :-)

linux-user/syscall.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 35df073..d38eb24 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -1779,7 +1779,7 @@ static struct iovec *lock_iovec(int type, abi_ulong target_addr, errno = 0; return NULL; } - if (count > IOV_MAX) { + if (count < 0 || count > IOV_MAX) { errno = EINVAL; return NULL; }
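
Review bot: The new `count < 0` test in lock_iovec() only has an effect if `count` is a signed type, and its declaration is outside the visible context (the signature is cut off after `abi_ulong target_addr,`), so please confirm it is signed. If it were unsigned, the comparison would always be false and a negative guest value would be rejected only by the `count > IOV_MAX` half. The subject and commit message also speak of negative "iovec lengths", while the check is on `count` and not on a length field of each entry; rewording the message or adding a one-line comment above the check would make clear which guest-supplied value is being validated here.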