
linux-user: do_msgrcv: don't leak host_mb upon TARGET_EFAULT failure

Also, use g_malloc to avoid NULL-deref upon OOM.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 0d07fe47d4986271a21ed4ff5237275ff55dd93f)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Jim Meyering 13 years ago
parent
commit
df60f451b3
1 changed files with 2 additions and 2 deletions
  1. 2 2
      linux-user/syscall.c

+ 2 - 2
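--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -2794,7 +2794,7 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp,
     if (!lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0))
         return -TARGET_EFAULT;
 
-    host_mb = malloc(msgsz+sizeof(long));
+    host_mb = g_malloc(msgsz+sizeof(long));
     ret = get_errno(msgrcv(msqid, host_mb, msgsz, tswapal(msgtyp), msgflg));
 
     if (ret > 0) {
@@ -2809,11 +2809,11 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp,
     }
 
     target_mb->mtype = tswapal(host_mb->mtype);
-    free(host_mb);
 
 end:
     if (target_mb)
         unlock_user_struct(target_mb, msgp, 1);
+    g_free(host_mb);
     return ret;
 }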
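Review bot: The allocation size on the `g_malloc` line comes from the syscall argument `msgsz`, and `g_malloc` aborts the process when the request cannot be satisfied, so an oversized `msgsz` from the emulated program now terminates the emulator instead of failing the syscall. Consider `host_mb = g_try_malloc(msgsz+sizeof(long));` followed by `if (!host_mb) { ret = -TARGET_ENOMEM; goto end; }`, which fits the `end:` cleanup this commit sets up because `g_free(NULL)` is a no-op. The declaration of `msgsz` lies outside the hunk, so whether `msgsz+sizeof(long)` can wrap on a 32-bit host could not be checked here; a range check before the addition would settle it. Moving the free to `end:` also relies on `host_mb` being initialised before any `goto end` is taken, which the visible lines do not show since do_msgrcv's body starts before the first hunk.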