[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 01/34] linux-user: Fix array bounds in errno con
|
From: |
Laurent Vivier |
|
Subject: |
Re: [Qemu-devel] [PATCH 01/34] linux-user: Fix array bounds in errno conversion |
|
Date: |
Sat, 31 Oct 2015 03:51:32 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 |
Le 12/10/2015 15:42, Riku Voipio a écrit :
> On perjantaina 11. syyskuuta 2015 13.59.29 EEST, Peter Maydell wrote:
>> On 6 September 2015 at 00:56, Timothy E Baldwin
>> <address@hidden> wrote:
>>> Check array bounds in host_to_target_errno() and target_to_host_errno().
>>>
>>> Signed-off-by: Timothy Edward Baldwin
>>> <address@hidden>
>>> ---
>>> linux-user/syscall.c | 4 ++--
>>> 1 file changed, 2 insertions(+), 2 deletions(-) ...
>>
>> Maybe we should also check that the passed in error value is
>> not negative? (Given the errno-is-positive/syscall-return-negative
>> conventions, it's an easy mistake to make...)
>
> I've applied a version of this patch that implements this by setting the
> function argument to unsigned
>
> Riku
>
>
This patch breaks get_errno().
On a 64bit target, if errno is 22, host_to_target_errno(22) is (unsigned
int)-22 = 0xffffffea, and get_errno() is (abi_long)0xffffffea =
0x000000000xffffffea = 4294967274. It is not negative, and thus is not
an error.
host_to_target_errno() and target_to_host_errno() must stay signed.
Laurent