linux-user: make bogus negative iovec lengths fail EINVAL

If the guest passes us a bogus negative length for an iovec, fail EINVAL rather than proceeding blindly forward. This fixes some of the error cases tests for readv and writev in the LTP. Signed-off-by: N Peter Maydell <peter.maydell@linaro.org> Reviewed-by: N Richard Henderson <rth@twiddle.net> Signed-off-by: N Riku Voipio <riku.voipio@linaro.org> (cherry picked from commit dfae8e00) Signed-off-by: N Michael Roth <mdroth@linux.vnet.ibm.com>

linux-user: make bogus negative iovec lengths fail EINVAL
If the guest passes us a bogus negative length for an iovec, fail EINVAL rather than proceeding blindly forward. This fixes some of the error cases tests for readv and writev in the LTP. Signed-off-by: N Peter Maydell <peter.maydell@linaro.org> Reviewed-by: N Richard Henderson <rth@twiddle.net> Signed-off-by: N Riku Voipio <riku.voipio@linaro.org> (cherry picked from commit dfae8e00) Signed-off-by: N Michael Roth <mdroth@linux.vnet.ibm.com>
83789105 · Peter Maydell · Michael Roth · 7a238b9f · 83789105
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

linux-user/syscall.c linux-user/syscall.c +1 -1

未找到文件。
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -1776,7 +1776,7 @@ static struct iovec *lock_iovec(int type, abi_ulong target_addr,
        errno = 0;
        return NULL;
    }
-    if (count > IOV_MAX) {
+    if (count < 0 || count > IOV_MAX) {
        errno = EINVAL;
        return NULL;
    }