From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini, Riku Voipio, patches@linaro.org
Date: Tue, 12 Jul 2016 13:02:19 +0100
Subject: [Qemu-devel] [PATCH 8/8] linux-user: Fix memchr() argument in open_self_cmdline()
Message-Id: <1468324939-12221-9-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1468324939-12221-1-git-send-email-peter.maydell@linaro.org>
X-Patchwork-Id: 9225271

In open_self_cmdline() we look for a 0 in the buffer we read from /proc/self/cmdline. We were incorrectly passing the length of our buf[] array to memchr() as the length to search, rather than the number of bytes we actually read into it, which could be shorter.

This was spotted by Coverity (because it could result in our trying to pass a negative length argument to write()).

Signed-off-by: Peter Maydell

--- linux-user/syscall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index f849a5d..9dbd711 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -6530,7 +6530,7 @@ static int open_self_cmdline(void *cpu_env, int fd) if (!word_skipped) { /* Skip the first string, which is the path to qemu-*-static instead of the actual command. */ - cp_buf = memchr(buf, 0, sizeof(buf)); + cp_buf = memchr(buf, 0, nb_read); if (cp_buf) { /* Null byte found, skip one string */ cp_buf++;
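
Review bot: in the changed line of open_self_cmdline(), `cp_buf = memchr(buf, 0, nb_read);` now depends on nb_read being a positive byte count, but the declaration of nb_read and the handling of a failed or zero-length read are outside this hunk's context. If nb_read is a signed type, a negative value would be converted to a very large size_t when passed as memchr()'s length argument, so please confirm that the error and end-of-file cases are dealt with before the `if (!word_skipped)` block is reached, or widen the context so that check is visible. The commit message could also spell out how searching `sizeof(buf)` bytes leads to the negative write() length that Coverity flagged, since that path is not visible in these lines.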