diff options
| author | Jim Meyering <meyering@redhat.com> | 2012-08-22 13:55:53 +0200 |
|---|---|---|
| committer | Anthony Liguori <aliguori@us.ibm.com> | 2012-08-22 10:47:14 -0500 |
| commit | 0d07fe47d4986271a21ed4ff5237275ff55dd93f (patch) | |
| tree | e6781cace5b3fdb721bc63786554f76614a8fa5d /linux-user/syscall.c | |
| parent | 4144f122b477164cf466ca69be24cf4ef5c218d3 (diff) | |
| download | focaccia-qemu-0d07fe47d4986271a21ed4ff5237275ff55dd93f.tar.gz focaccia-qemu-0d07fe47d4986271a21ed4ff5237275ff55dd93f.zip | |
linux-user: do_msgrcv: don't leak host_mb upon TARGET_EFAULT failure
Also, use g_malloc to avoid NULL-deref upon OOM. Signed-off-by: Jim Meyering <meyering@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'linux-user/syscall.c')
| -rw-r--r-- | linux-user/syscall.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 41c869bfe0..11743065e9 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -2848,7 +2848,7 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp, if (!lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0)) return -TARGET_EFAULT; - host_mb = malloc(msgsz+sizeof(long)); + host_mb = g_malloc(msgsz+sizeof(long)); ret = get_errno(msgrcv(msqid, host_mb, msgsz, tswapal(msgtyp), msgflg)); if (ret > 0) { @@ -2863,11 +2863,11 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp, } target_mb->mtype = tswapal(host_mb->mtype); - free(host_mb); end: if (target_mb) unlock_user_struct(target_mb, msgp, 1); + g_free(host_mb); return ret; } |