projects / platform / upstream / qemu.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5b87cb5)
linux-user: Cast validity checks on g_posix_timers range
authorAlexander Graf <agraf@suse.de>
Fri, 22 Aug 2014 09:28:52 +0000 (11:28 +0200)
committerChanho Park <parkch98@gmail.com>
Tue, 9 Sep 2014 02:32:53 +0000 (11:32 +0900)
We check whether the passed in counter value is negative on all calls
that involve g_posix_timers. However, we also check check for negativity
of that value after casting it - at which point it couldn't possibly be
negative anymore.

Cast the check to int16_t. Maybe this is correct. Maybe the check should
get removed completely.

Signed-off-by: Alexander Graf <agraf@suse.de>
linux-user/syscall.c patch | blob | history

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 0b4668d..660095b 100644 (file)
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9602,7 +9602,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1,
         /* args: timer_t timerid, int flags, const struct itimerspec *new_value,
          * struct itimerspec * old_value */
         arg1 &= 0xffff;
-        if (arg3 == 0 || arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
+        if (arg3 == 0 || (int16_t)arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
             ret = -TARGET_EINVAL;
         } else {
             timer_t htimer = g_posix_timers[arg1];
@@ -9624,7 +9624,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1,
         arg1 &= 0xffff;
         if (!arg2) {
             return -TARGET_EFAULT;
-        } else if (arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
+        } else if ((int16_t)arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
             ret = -TARGET_EINVAL;
         } else {
             timer_t htimer = g_posix_timers[arg1];
@@ -9644,7 +9644,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1,
     {
         /* args: timer_t timerid */
         arg1 &= 0xffff;
-        if (arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
+        if ((int16_t)arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
             ret = -TARGET_EINVAL;
         } else {
             timer_t htimer = g_posix_timers[arg1];
@@ -9659,7 +9659,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1,
     {
         /* args: timer_t timerid */
         arg1 &= 0xffff;
-        if (arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
+        if ((int16_t)arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
             ret = -TARGET_EINVAL;
         } else {
             timer_t htimer = g_posix_timers[arg1];
Domain: SCM / Build;