linux-user: Fix memchr() argument in open_self_cmdline()

In open_self_cmdline() we look for a 0 in the buffer we read from /prc/self/cmdline. We were incorrectly passing the length of our buf[] array to memchr() as the length to search, rather than the number of bytes we actually read into it, which could be shorter. This was spotted by Coverity (because it could result in our trying to pass a negative length argument to write()). Signed-off-by: N Peter Maydell <peter.maydell@linaro.org> Signed-off-by: N Riku Voipio <riku.voipio@linaro.org>

linux-user: Fix memchr() argument in open_self_cmdline()
In open_self_cmdline() we look for a 0 in the buffer we read from /prc/self/cmdline. We were incorrectly passing the length of our buf[] array to memchr() as the length to search, rather than the number of bytes we actually read into it, which could be shorter. This was spotted by Coverity (because it could result in our trying to pass a negative length argument to write()). Signed-off-by: N Peter Maydell <peter.maydell@linaro.org> Signed-off-by: N Riku Voipio <riku.voipio@linaro.org>
ba4b3f66 · Peter Maydell · Riku Voipio · d9fe91d8 · ba4b3f66
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

linux-user/syscall.c linux-user/syscall.c +1 -1

未找到文件。
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -6856,7 +6856,7 @@ static int open_self_cmdline(void *cpu_env, int fd)
        if (!word_skipped) {
            /* Skip the first string, which is the path to qemu-*-static
               instead of the actual command. */
-            cp_buf = memchr(buf, 0, sizeof(buf));
+            cp_buf = memchr(buf, 0, nb_read);
            if (cp_buf) {
                /* Null byte found, skip one string */
                cp_buf++;