From patchwork Tue Jul 12 12:02:18 2016
X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 9225225
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini, Riku Voipio, patches@linaro.org
Date: Tue, 12 Jul 2016 13:02:18 +0100
Message-Id: <1468324939-12221-8-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1468324939-12221-1-git-send-email-peter.maydell@linaro.org>
References: <1468324939-12221-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PATCH 7/8] linux-user: Use glib malloc functions in load_symbols()

Switch to using the glib malloc functions in load_symbols();
this deals with a Coverity complaint about possible
integer overflow calculating the allocation size
with 'nsyms * sizeof(*syms)'.

Signed-off-by: Peter Maydell
---
I opted to use the _try_ versions rather than switching to the
abort-on-failure allocation functions because
 (a) the handle-failure code is already in place and correct
 (b) loading symbols from the ELF file is debug-only and can
     safely be skipped
---
 linux-user/elfload.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 7c46cfb..b062199 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -2111,19 +2111,19 @@ static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias) found: /* Now know where the strtab and symtab are. Snarf them. */ - s = malloc(sizeof(*s)); + s = g_try_new(struct syminfo, 1); if (!s) { goto give_up; } i = shdr[str_idx].sh_size; - s->disas_strtab = strings = malloc(i); + s->disas_strtab = strings = g_try_malloc(i); if (!strings || pread(fd, strings, i, shdr[str_idx].sh_offset) != i) { goto give_up; } i = shdr[sym_idx].sh_size; - syms = malloc(i); + syms = g_try_malloc(i); if (!syms || pread(fd, syms, i, shdr[sym_idx].sh_offset) != i) { goto give_up; } @@ -2157,7 +2157,7 @@ static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias) that we threw away. Whether or not this has any effect on the memory allocation depends on the malloc implementation and how many symbols we managed to discard. */ - new_syms = realloc(syms, nsyms * sizeof(*syms)); + new_syms = g_try_renew(struct elf_sym, syms, nsyms); if (new_syms == NULL) { goto give_up; } @@ -2178,9 +2178,9 @@ static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias) return; give_up: - free(s); - free(strings); - free(syms); + g_free(s); + g_free(strings); + g_free(syms); } int load_elf_binary(struct linux_binprm *bprm, struct image_info *info)
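
Review bot: in the first hunk (@@ -2111), `g_try_malloc(i)` returns NULL when `i` is 0, so a zero `sh_size` for either section now always takes `goto give_up`, whereas `malloc(0)` was allowed to return a non-NULL pointer. Skipping symbols in that case is reasonable for a debug-only loader, but it is a behaviour change that deserves a line in the commit message. Separately, both sizes are taken straight from `shdr[...].sh_size` with no range check visible in this hunk; if `i` is narrower than `sh_size`, the value is truncated before it reaches the allocation and the `pread(...) != i` comparison, so a bound check before the assignment would be safer.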
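
Review bot: in the second hunk (@@ -2157), `g_try_renew(struct elf_sym, syms, nsyms)` cannot tell "nsyms is 0" apart from allocation failure: for a zero count glib frees `syms` and returns NULL, the `new_syms == NULL` test then jumps to `give_up`, and `g_free(syms)` there releases the same block a second time. The hunk shows no check that `nsyms` is non-zero after symbols are discarded, so please add one before the call, for example `if (nsyms == 0) { goto give_up; }`, so that only a genuine failure (where the old block is still valid) reaches the error path.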
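
Review bot: in the last hunk (@@ -2178), only the `give_up` path is converted to `g_free()`, while on success `s` and `s->disas_strtab` stay alive past the `return`. glib asks that memory from `g_try_malloc()`/`g_try_new()` be released with `g_free()`, so please confirm that no other code releases these buffers with plain `free()`, or note in the commit message that they are never freed after a successful load.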
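
The overflow named in the commit message, 'nsyms * sizeof(*syms)', shown as an added example; this is not QEMU or glib code. `resize_array`, `unchecked_bytes` and `struct sym` are hypothetical names, and the helper reports the zero-count case separately from failure so the caller knows who still owns the block.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for a symbol record; not QEMU's struct elf_sym. */
struct sym { uint64_t value; uint64_t size; uint32_t name; };

enum resize_status { RESIZE_OK, RESIZE_EMPTY, RESIZE_OVERFLOW, RESIZE_NOMEM };

/* What the unchecked expression computes: the byte count after wrap-around. */
size_t unchecked_bytes(size_t n, size_t elem_size)
{
    return n * elem_size;
}

/*
 * Hypothetical checked resize of *arr to n elements of elem_size bytes.
 * RESIZE_OK:       *arr points at the resized block.
 * RESIZE_EMPTY:    the block was freed and *arr is NULL (nothing left to free).
 * RESIZE_OVERFLOW, RESIZE_NOMEM: *arr is untouched and still owned by the caller.
 */
enum resize_status resize_array(void **arr, size_t n, size_t elem_size)
{
    void *p;

    if (elem_size != 0 && n > SIZE_MAX / elem_size) {
        return RESIZE_OVERFLOW;            /* n * elem_size would wrap */
    }
    if (n == 0 || elem_size == 0) {
        free(*arr);
        *arr = NULL;                       /* prevents a second free later */
        return RESIZE_EMPTY;
    }
    p = realloc(*arr, n * elem_size);
    if (p == NULL) {
        return RESIZE_NOMEM;
    }
    *arr = p;
    return RESIZE_OK;
}

int main(void)
{
    void *syms = malloc(8 * sizeof(struct sym));
    size_t bad = SIZE_MAX / sizeof(struct sym) + 1;   /* constructed count */

    printf("unchecked bytes: %zu\n", unchecked_bytes(bad, sizeof(struct sym)));
    printf("checked resize:  %d\n", resize_array(&syms, bad, sizeof(struct sym)));
    printf("resize to zero:  %d\n", resize_array(&syms, 0, sizeof(struct sym)));
    free(syms);                            /* syms is NULL here, so this is a no-op */
    return 0;
}
```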