linux-user: allocate heap memory for execve arguments

Arguments passed to execve(2) call from user program could be large, allocating stack memory for them via alloca(3) call would lead to bad behaviour. Use 'g_new0' to allocate memory for such arguments. Reported-by: N Jann Horn <jannh@google.com> Signed-off-by: N Prasad J Pandit <pjp@fedoraproject.org> Reviewed-by: N Eric Blake <eblake@redhat.com> Signed-off-by: N Riku Voipio <riku.voipio@linaro.org>

linux-user: allocate heap memory for execve arguments
Arguments passed to execve(2) call from user program could be large, allocating stack memory for them via alloca(3) call would lead to bad behaviour. Use 'g_new0' to allocate memory for such arguments. Reported-by: N Jann Horn <jannh@google.com> Signed-off-by: N Prasad J Pandit <pjp@fedoraproject.org> Reviewed-by: N Eric Blake <eblake@redhat.com> Signed-off-by: N Riku Voipio <riku.voipio@linaro.org>
b936cb50 · Prasad J Pandit · Riku Voipio · c4e316cf · b936cb50
隐藏空白更改
内联并排

Showing with 5 addition and 2 deletion

linux-user/syscall.c linux-user/syscall.c +5 -2

未找到文件。
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -7985,8 +7985,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
                envc++;
            }

-            argp = alloca((argc + 1) * sizeof(void *));
-            envp = alloca((envc + 1) * sizeof(void *));
+            argp = g_new0(char *, argc + 1);
+            envp = g_new0(char *, envc + 1);

            for (gp = guest_argp, q = argp; gp;
                  gp += sizeof(abi_ulong), q++) {
@@ -8047,6 +8047,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
                    break;
                unlock_user(*q, addr, 0);
            }
+
+            g_free(argp);
+            g_free(envp);
        }
        break;
    case TARGET_NR_chdir: