falso
/
qemu-irix
mirror of https://github.com/n64decomp/qemu-irix.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix buffer overrun in sched_getaffinity 

Zeroing of the cpu array should start from &cpus[kernel_ret]
not &cpus[num_zeros_to_fill].

This fixes a crash in EFL's edje_cc running under qemu-arm.

Signed-off-by: Mike McCormack <mj.mccormack@samsung.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Acked-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
This commit is contained in:
Mike McCormack 2011-04-12 11:41:00 +09:00 committed by Riku Voipio
parent 6f11f013a5
commit e95d3bf04d
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
linux-user/syscall.c
View File

@ -6505,7 +6505,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
unsigned long zero = arg2 - ret;
p = alloca(zero);
memset(p, 0, zero);
if (copy_to_user(arg3 + zero, p, zero)) {
if (copy_to_user(arg3 + ret, p, zero)) {
goto efault;
}
arg2 = ret;