linux-user: Fix error handling in target_to_host_semarray()
author Peter Maydell <peter.maydell@linaro.org>
Mon, 17 Feb 2014 18:55:34 +0000 (18:55 +0000)
committer Riku Voipio <riku.voipio@linaro.org>
Wed, 19 Feb 2014 10:29:23 +0000 (12:29 +0200)
Fix two issues in error handling in target_to_host_semarray():
 * don't leak the host_array buffer if lock_user fails
 * return an error if malloc() fails

v2: added missing * -Riku Voipio

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
linux-user/syscall.c

index 8f5a58ee0bad430ef6bdbfe2395b9ef40a723f4b..1407b7a546878494032dd9ea04936e99d8865fc5 100644 (file)
@@ -2430,10 +2430,15 @@ static inline abi_long target_to_host_semarray(int semid, unsigned short **host_
     nsems = semid_ds.sem_nsems;
 
     *host_array = malloc(nsems*sizeof(unsigned short));
+    if (!*host_array) {
+        return -TARGET_ENOMEM;
+    }
     array = lock_user(VERIFY_READ, target_addr,
                       nsems*sizeof(unsigned short), 1);
-    if (!array)
+    if (!array) {
+        free(*host_array);
         return -TARGET_EFAULT;
+    }
 
     for(i=0; i<nsems; i++) {
         __get_user((*host_array)[i], &array[i]);
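Review bot: In the `if (!array)` branch, `free(*host_array)` releases the buffer but leaves the freed address in the caller's out-parameter when `-TARGET_EFAULT` is returned. Suggest adding `*host_array = NULL;` right after the free, so that a caller which frees or inspects `*host_array` on the error path cannot double-free or touch freed memory. The same reasoning applies to the new `-TARGET_ENOMEM` return, where `*host_array` is already NULL, so after that change both error paths would leave the out-parameter in the same state. A short comment above the function stating that the caller owns `*host_array` only on success would make the contract explicit.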