Message ID | 20181108105904.27980-1-alex.bennee@linaro.org |
---|---|
State | New |
Series | linux-users/syscall: make do_ioctl_rt safer |
On 08/11/2018 11:59, Alex Bennée wrote: > host_rt_dev_ptr is set while looping through a control structure. The > compiler can not know that all structures passed to do_ioctl_rt will > trigger the if clause so rightly complains with an --enable-sanitizers > build. To keep the compiler happy we default the host_rt_dev_ptr and > check it has been set before attempting to follow it. > > Signed-off-by: Alex Bennée <alex.bennee@linaro.org> > CC: qemu-trivial@nongnu.org > --- > linux-user/syscall.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/linux-user/syscall.c b/linux-user/syscall.c > index 810a58b704..3a942f1f4a 100644 > --- a/linux-user/syscall.c > +++ b/linux-user/syscall.c > @@ -4669,7 +4669,7 @@ static abi_long do_ioctl_rt(const IOCTLEntry *ie, uint8_t *buf_temp, > int target_size; > void *argptr; > abi_ulong *target_rt_dev_ptr; > - unsigned long *host_rt_dev_ptr; > + unsigned long *host_rt_dev_ptr = NULL; > abi_long ret; > int i; > > @@ -4715,7 +4715,7 @@ static abi_long do_ioctl_rt(const IOCTLEntry *ie, uint8_t *buf_temp, > unlock_user(argptr, arg, 0); > > ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp)); > - if (*host_rt_dev_ptr != 0) { > + if (host_rt_dev_ptr && *host_rt_dev_ptr != 0) {

As host_rt_dev_ptr should be set in every case, I think an "assert(host_rt_dev_ptr != NULL)" would be more meaningful.

Thanks,
Laurent
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 810a58b704..3a942f1f4a 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -4669,7 +4669,7 @@ static abi_long do_ioctl_rt(const IOCTLEntry *ie, uint8_t *buf_temp, int target_size; void *argptr; abi_ulong *target_rt_dev_ptr; - unsigned long *host_rt_dev_ptr; + unsigned long *host_rt_dev_ptr = NULL; abi_long ret; int i; @@ -4715,7 +4715,7 @@ static abi_long do_ioctl_rt(const IOCTLEntry *ie, uint8_t *buf_temp, unlock_user(argptr, arg, 0); ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp)); - if (*host_rt_dev_ptr != 0) { + if (host_rt_dev_ptr && *host_rt_dev_ptr != 0) { unlock_user((void *)*host_rt_dev_ptr, *target_rt_dev_ptr, 0); }
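Review bot: in the first hunk, the context line `abi_ulong *target_rt_dev_ptr;` directly above the changed declaration is still left without an initializer, yet it is dereferenced together with host_rt_dev_ptr in the unlock_user() call shown in the second hunk. Initialise it to NULL here as well so that both pointers have a defined value if neither is ever assigned, and so the guard added later covers a consistent pair.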
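Review bot: in the second hunk, the new `host_rt_dev_ptr &&` test makes the cleanup path silently skip unlock_user() when the pointer was never set, which hides an unexpected control structure instead of reporting it. If every structure passed to do_ioctl_rt is expected to set the pointer, an assert(host_rt_dev_ptr != NULL) placed before the `if` states that invariant and fails loudly when it is broken; if NULL is a legitimate outcome, a short comment saying when that happens would make the check self-explanatory.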
host_rt_dev_ptr is set while looping through a control structure. The compiler can not know that all structures passed to do_ioctl_rt will trigger the if clause so rightly complains with an --enable-sanitizers build. To keep the compiler happy we default the host_rt_dev_ptr and check it has been set before attempting to follow it.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
CC: qemu-trivial@nongnu.org
---
 linux-user/syscall.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--
2.17.1