diff mbox

linux-user: Check array bounds in errno conversion

Message ID 1457030134-11357-1-git-send-email-peter.maydell@linaro.org (mailing list archive)
State New, archived
Headers show

Commit Message

Peter Maydell March 3, 2016, 6:35 p.m. UTC
From: Timothy E Baldwin <T.E.Baldwin99@members.leeds.ac.uk>

Check array bounds in host_to_target_errno() and target_to_host_errno().

Signed-off-by: Timothy Edward Baldwin <T.E.Baldwin99@members.leeds.ac.uk>
Message-id: 1441497448-32489-2-git-send-email-T.E.Baldwin99@members.leeds.ac.uk
[PMM: Add a lower-bound check, use braces on if(), tweak commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
This is a bugfix patch fished out of Timothy's signal-race-fixes
patch series. We had a previous go-around doing this with unsigned
integers, but that doesn't work.

 linux-user/syscall.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Comments

Laurent Vivier March 6, 2016, 1:37 p.m. UTC | #1
Le 03/03/2016 19:35, Peter Maydell a écrit :
> From: Timothy E Baldwin <T.E.Baldwin99@members.leeds.ac.uk>
> 
> Check array bounds in host_to_target_errno() and target_to_host_errno().
> 
> Signed-off-by: Timothy Edward Baldwin <T.E.Baldwin99@members.leeds.ac.uk>
> Message-id: 1441497448-32489-2-git-send-email-T.E.Baldwin99@members.leeds.ac.uk
> [PMM: Add a lower-bound check, use braces on if(), tweak commit message]
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Laurent Vivier <laurent@vivier.eu>

> ---
> This is a bugfix patch fished out of Timothy's signal-race-fixes
> patch series. We had a previous go-around doing this with unsigned
> integers, but that doesn't work.
> 
>  linux-user/syscall.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 9517531..f9dcdd4 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -617,15 +617,19 @@ static uint16_t host_to_target_errno_table[ERRNO_TABLE_SIZE] = {
>  
>  static inline int host_to_target_errno(int err)
>  {
> -    if(host_to_target_errno_table[err])
> +    if (err >= 0 && err < ERRNO_TABLE_SIZE &&
> +        host_to_target_errno_table[err]) {
>          return host_to_target_errno_table[err];
> +    }
>      return err;
>  }
>  
>  static inline int target_to_host_errno(int err)
>  {
> -    if (target_to_host_errno_table[err])
> +    if (err >= 0 && err < ERRNO_TABLE_SIZE &&
> +        target_to_host_errno_table[err]) {
>          return target_to_host_errno_table[err];
> +    }
>      return err;
>  }
>  
>
diff mbox

Patch

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 9517531..f9dcdd4 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -617,15 +617,19 @@  static uint16_t host_to_target_errno_table[ERRNO_TABLE_SIZE] = {
 
 static inline int host_to_target_errno(int err)
 {
-    if(host_to_target_errno_table[err])
+    if (err >= 0 && err < ERRNO_TABLE_SIZE &&
+        host_to_target_errno_table[err]) {
         return host_to_target_errno_table[err];
+    }
     return err;
 }
 
 static inline int target_to_host_errno(int err)
 {
-    if (target_to_host_errno_table[err])
+    if (err >= 0 && err < ERRNO_TABLE_SIZE &&
+        target_to_host_errno_table[err]) {
         return target_to_host_errno_table[err];
+    }
     return err;
 }