[Qemu-devel] [PATCH for 2.10 28/35] syscall: check dup/dup2/dup3() error

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH for 2.10 28/35] syscall: check dup/dup2/dup3() error

From:	Philippe Mathieu-Daudé
Subject:	[Qemu-devel] [PATCH for 2.10 28/35] syscall: check dup/dup2/dup3() errors, return EBADFD/EINVAL if required
Date:	Mon, 24 Jul 2017 15:27:44 -0300

Linux dup(2) manpage:

ERRORS
  EBADF
    newfd is out of the allowed range for file descriptors (like negative)
  EINVAL (dup3())
    oldfd was equal to newfd

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
---
 linux-user/syscall.c | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index e79b5baec4..637270a02d 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8336,9 +8336,13 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
         break;
 #endif
     case TARGET_NR_dup:
-        ret = get_errno(dup(arg1));
-        if (ret >= 0) {
-            fd_trans_dup(arg1, ret);
+        if (arg1 < 0) {
+            ret = -TARGET_EBADFD;
+        } else {
+            ret = get_errno(dup(arg1));
+            if (ret >= 0) {
+                fd_trans_dup(arg1, ret);
+            }
         }
         break;
 #ifdef TARGET_NR_pipe
@@ -8436,17 +8440,27 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 #endif
 #ifdef TARGET_NR_dup2
     case TARGET_NR_dup2:
-        ret = get_errno(dup2(arg1, arg2));
-        if (ret >= 0) {
-            fd_trans_dup(arg1, arg2);
+        if (arg1 < 0 || arg2 < 0) {
+            ret = -TARGET_EBADFD;
+        } else {
+            ret = get_errno(dup2(arg1, arg2));
+            if (ret >= 0) {
+                fd_trans_dup(arg1, arg2);
+            }
         }
         break;
 #endif
 #if defined(CONFIG_DUP3) && defined(TARGET_NR_dup3)
     case TARGET_NR_dup3:
-        ret = get_errno(dup3(arg1, arg2, arg3));
-        if (ret >= 0) {
-            fd_trans_dup(arg1, arg2);
+        if (arg1 < 0 || arg2 < 0) {
+            ret = -TARGET_EBADFD;
+        } else if (arg1 == arg2) {
+            ret = -TARGET_EINVAL;
+        } else {
+            ret = get_errno(dup3(arg1, arg2, arg3));
+            if (ret >= 0) {
+                fd_trans_dup(arg1, arg2);
+            }
         }
         break;
 #endif
-- 
2.13.3

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] [PATCH for 2.10 24/35] linux-user/sh4: fix incorrect memory write, (continued)
- [Qemu-devel] [PATCH for 2.10 25/35] linux-user: extract is_error() out of syscall.c, Philippe Mathieu-Daudé, 2017/07/24
  - Re: [Qemu-devel] [PATCH for 2.10 25/35] linux-user: extract is_error() out of syscall.c, Laurent Vivier, 2017/07/24
- [Qemu-devel] [PATCH for 2.10 26/35] linux-user: use is_error() to avoid warnings and make the code clearer, Philippe Mathieu-Daudé, 2017/07/24
  - Re: [Qemu-devel] [PATCH for 2.10 26/35] linux-user: use is_error() to avoid warnings and make the code clearer, Laurent Vivier, 2017/07/24
- [Qemu-devel] [PATCH for 2.10 27/35] syscall: fix dereference of undefined pointer, Philippe Mathieu-Daudé, 2017/07/24
  - Re: [Qemu-devel] [PATCH for 2.10 27/35] syscall: fix dereference of undefined pointer, Laurent Vivier, 2017/07/24
    - Re: [Qemu-devel] [PATCH for 2.10 27/35] syscall: fix dereference of undefined pointer, Philippe Mathieu-Daudé, 2017/07/25
  - Re: [Qemu-devel] [PATCH for 2.10 27/35] syscall: fix dereference of undefined pointer, Peter Maydell, 2017/07/24
    - Re: [Qemu-devel] [PATCH for 2.10 27/35] syscall: fix dereference of undefined pointer, Laurent Vivier, 2017/07/25
- [Qemu-devel] [PATCH for 2.10 28/35] syscall: check dup/dup2/dup3() errors, return EBADFD/EINVAL if required, Philippe Mathieu-Daudé <=
  - Re: [Qemu-devel] [PATCH for 2.10 28/35] syscall: check dup/dup2/dup3() errors, return EBADFD/EINVAL if required, Laurent Vivier, 2017/07/24
- [Qemu-devel] [PATCH for 2.10 29/35] syscall: fix out-of-bound memory access, Philippe Mathieu-Daudé, 2017/07/24
  - Re: [Qemu-devel] [PATCH for 2.10 29/35] syscall: fix out-of-bound memory access, Laurent Vivier, 2017/07/24
- [Qemu-devel] [PATCH for 2.10 30/35] syscall: fix use of uninitialized values, Philippe Mathieu-Daudé, 2017/07/24
  - Re: [Qemu-devel] [PATCH for 2.10 30/35] syscall: fix use of uninitialized values, Laurent Vivier, 2017/07/24
- [Qemu-devel] [PATCH for 2.10 31/35] syscall: replace strcpy() by g_strlcpy(), Philippe Mathieu-Daudé, 2017/07/24
  - Re: [Qemu-devel] [PATCH for 2.10 31/35] syscall: replace strcpy() by g_strlcpy(), Laurent Vivier, 2017/07/24
- [Qemu-devel] [PATCH for 2.10 32/35] timer/pxa2xx: silent warning about out-of-bound memory access, Philippe Mathieu-Daudé, 2017/07/24
  - Re: [Qemu-devel] [PATCH for 2.10 32/35] timer/pxa2xx: silent warning about out-of-bound memory access, Peter Maydell, 2017/07/24
    - Re: [Qemu-devel] [PATCH for 2.10 32/35] timer/pxa2xx: silent warning about out-of-bound memory access, Philippe Mathieu-Daudé, 2017/07/24

Prev by Date: [Qemu-devel] [PATCH for 2.10 27/35] syscall: fix dereference of undefined pointer
Next by Date: [Qemu-devel] [PATCH for 2.10 29/35] syscall: fix out-of-bound memory access
Previous by thread: Re: [Qemu-devel] [PATCH for 2.10 27/35] syscall: fix dereference of undefined pointer
Next by thread: Re: [Qemu-devel] [PATCH for 2.10 28/35] syscall: check dup/dup2/dup3() errors, return EBADFD/EINVAL if required
Index(es):
- Date
- Thread