[Qemu-devel] Fix for accept
From: Pablo Virolainen
Subject: [Qemu-devel] Fix for accept
Date: Thu, 13 Jul 2006 13:21:50 +0300
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13) Gecko/20060427 Debian/1.7.13-0ubuntu5.10

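The following code crashes qemu user emulation.

#include <stddef.h>      /* NULL */
#include <sys/types.h>
#include <sys/socket.h>

int main(void) {
    /* addr and addrlen are both NULL, which accept() permits */
    accept(0, NULL, NULL);
    return 0;
}
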
Pablo Virolainen
Index: linux-user/syscall.c
===================================================================
RCS file: /sources/qemu/qemu/linux-user/syscall.c,v
retrieving revision 1.75
diff -u -r1.75 syscall.c
--- linux-user/syscall.c 27 Jun 2006 21:08:10 -0000 1.75
+++ linux-user/syscall.c 13 Jul 2006 10:18:57 -0000
@@ -878,9 +878,20 @@
int sockfd = tgetl(vptr);
target_ulong target_addr = tgetl(vptr + n);
target_ulong target_addrlen = tgetl(vptr + 2 * n);
- socklen_t addrlen = tget32(target_addrlen);
- void *addr = alloca(addrlen);
-
+ socklen_t addrlen=0;
+ /* Just to get rid of compiler warnings */
+ ulong addrt=0;
+ void *addr;
+
+ get_user(addrlen,&target_addrlen);
+ get_user(addrt,&target_addr);
+
+ if (addrt!=0) {
+ addr = alloca(addrlen);
+ } else {
+ addr = NULL;
+ }
+
ret = get_errno(accept(sockfd, addr, &addrlen));
if (!is_error(ret)) {
host_to_target_sockaddr(target_addr, addr, addrlen);
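
Review bot: In the added line "get_user(addrlen,&target_addrlen);" the second argument is the address of the local that holds the guest pointer, whereas the removed line used tget32(target_addrlen) to read the length that pointer refers to. As written, addrlen appears to receive the guest pointer value rather than the caller's length, and that value then sizes alloca(addrlen) in the non-NULL branch. Suggest testing target_addr directly for the NULL case (addrt then becomes unnecessary) and keeping the tget32(target_addrlen) read only when target_addrlen is non-zero. The success path also still calls host_to_target_sockaddr(target_addr, addr, addrlen) unconditionally, so it should be skipped when addr is NULL. Since addrlen comes from the guest, a bound check before alloca would also be worth adding.
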