author: Laurent Vivier <laurent@vivier.eu> 2020-07-09 21:22:17 +0200
committer: Laurent Vivier <laurent@vivier.eu> 2020-07-13 21:22:08 +0200
commit: 4c1850c130a31e6f3cc896a5ba5fb7a602540bc9
tree: fa01a74ef0e3107e4ba378757689baff3bddc969 /stubs/replay-user.c
parent: d8c08b1e6c7b1a5be1ec70e339437823a41b1946
linux-user: Fix Coverity CID 1430271 / CID 1430272

In new functions print_ioctl() and print_syscall_ret_ioctl(), we don't
check if lock_user() returns NULL and this would cause a segfault in
thunk_print().

If lock_user() returns NULL don't call thunk_print() but print only the
value of the (invalid) pointer.

Tested with:

    # cat ioctl.c
    #include <unistd.h>
    #include <sys/ioctl.h>

    int main(void)
    {
        int ret;

        ret = ioctl(STDOUT_FILENO, TCGETS, 0xdeadbeef);
        ret = ioctl(STDOUT_FILENO, TCSETSF, 0xdeadbeef);
        return 0;
    }
    # QEMU_STRACE= ./ioctl
    ...
    578 ioctl(1,TCGETS,0xdeadbeef) = -1 errno=2 (Bad address)
    578 ioctl(1,TCSETSF,0xdeadbeef) = -1 errno=2 (Bad address)
    ...
    # QEMU_STRACE= passwd
    ...
    623 ioctl(0,TCGETS,0x3fffed04) = 0 ({})
    623 ioctl(0,TCSETSF,{}) = 0
    ...

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Fixes: 79482e5987c8 ("linux-user: Add strace support for printing arguments of ioctl()")
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

Diffstat (limited to 'stubs/replay-user.c')
0 files changed, 0 insertions, 0 deletions
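
The pattern the commit message describes, as an added stand-alone sketch that is not QEMU's code and not part of this commit: a trace printer that decodes a guest structure only when the guest pointer translates, and otherwise prints the raw pointer value. The `toy_*` functions, `GUEST_BASE` and the guest memory layout are hypothetical stand-ins for lock_user(), thunk_print() and the real guest address space.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed guest memory: one mapped region at a made-up guest address. */
#define GUEST_BASE 0x3fffed00u
static uint8_t guest_ram[64];

/* Hypothetical stand-in for lock_user(): translate a guest address to a host
 * pointer, or return NULL when [addr, addr+len) is not fully mapped. */
static void *toy_lock_user(uint32_t addr, size_t len)
{
    if (addr < GUEST_BASE || len > sizeof(guest_ram) ||
        addr - GUEST_BASE > sizeof(guest_ram) - len) {
        return NULL;
    }
    return &guest_ram[addr - GUEST_BASE];
}

/* Hypothetical stand-in for thunk_print(): it dereferences its argument, so
 * it must never be handed NULL. */
static int toy_thunk_print(char *out, size_t n, const void *host)
{
    uint32_t v;
    memcpy(&v, host, sizeof(v));
    return snprintf(out, n, "{0x%x}", (unsigned)v);
}

/* Format an ioctl pointer argument for the trace: decode the structure when
 * the guest pointer is valid, otherwise print only the raw pointer value. */
int toy_print_ioctl_arg(char *out, size_t n, uint32_t guest_addr, size_t len)
{
    void *host = toy_lock_user(guest_addr, len);
    if (host == NULL) {
        return snprintf(out, n, "0x%x", (unsigned)guest_addr);
    }
    return toy_thunk_print(out, n, host);
}

int main(void)
{
    char buf[32];
    toy_print_ioctl_arg(buf, sizeof(buf), 0xdeadbeefu, 4);  /* unmapped */
    printf("ioctl(1,TCGETS,%s)\n", buf);
    toy_print_ioctl_arg(buf, sizeof(buf), GUEST_BASE + 4, 4); /* mapped */
    printf("ioctl(0,TCSETSF,%s)\n", buf);
    return 0;
}
```

The bounds test in `toy_lock_user` is written as a subtraction against the region size so that a range running past the end of the mapping is rejected without the address arithmetic wrapping.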