qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PULL 01/38] linux-user: Check array bounds in errno conver

From: riku . voipio
Subject: [Qemu-devel] [PULL 01/38] linux-user: Check array bounds in errno conversion
Date: Wed, 25 May 2016 08:27:33 +0300 
From: Timothy E Baldwin <address@hidden>

Check array bounds in host_to_target_errno() and target_to_host_errno().

Signed-off-by: Timothy Edward Baldwin <address@hidden>
Message-id: address@hidden
[PMM: Add a lower-bound check, use braces on if(), tweak commit message]
Signed-off-by: Peter Maydell <address@hidden>
Signed-off-by: Riku Voipio <address@hidden>
Reviewed-by: Laurent Vivier <address@hidden>
---
 linux-user/syscall.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 032d338..5246f36 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -619,15 +619,19 @@ static uint16_t 
host_to_target_errno_table[ERRNO_TABLE_SIZE] = {
 
 static inline int host_to_target_errno(int err)
 {
-    if(host_to_target_errno_table[err])
+    if (err >= 0 && err < ERRNO_TABLE_SIZE &&
+        host_to_target_errno_table[err]) {
         return host_to_target_errno_table[err];
+    }
     return err;
 }
 
 static inline int target_to_host_errno(int err)
 {
-    if (target_to_host_errno_table[err])
+    if (err >= 0 && err < ERRNO_TABLE_SIZE &&
+        target_to_host_errno_table[err]) {
         return target_to_host_errno_table[err];
+    }
     return err;
 }
 
-- 
2.1.4
reply via email to
[Prev in Thread] Current Thread [Next in Thread]