falso
/
qemu-irix
mirror of https://github.com/n64decomp/qemu-irix.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

linux-user: do_msgrcv: don't leak host_mb upon TARGET_EFAULT failure 

Also, use g_malloc to avoid NULL-deref upon OOM.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 0d07fe47d4)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
This commit is contained in:
Jim Meyering 2012-08-22 13:55:53 +02:00 committed by Michael Roth
parent 1bc6332461
commit df60f451b3
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
linux-user/syscall.c
View File

@ -2794,7 +2794,7 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp,
if (!lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0)) if (!lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0))
return -TARGET_EFAULT; return -TARGET_EFAULT;
host_mb = malloc(msgsz+sizeof(long)); host_mb = g_malloc(msgsz+sizeof(long));
ret = get_errno(msgrcv(msqid, host_mb, msgsz, tswapal(msgtyp), msgflg)); ret = get_errno(msgrcv(msqid, host_mb, msgsz, tswapal(msgtyp), msgflg));
if (ret > 0) { if (ret > 0) {
@ -2809,11 +2809,11 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp,
} }
target_mb->mtype = tswapal(host_mb->mtype); target_mb->mtype = tswapal(host_mb->mtype);
free(host_mb);
end: end:
if (target_mb) if (target_mb)
unlock_user_struct(target_mb, msgp, 1); unlock_user_struct(target_mb, msgp, 1);
g_free(host_mb);
return ret; return ret;
} }