diff options
author | Peter Maydell | 2020-11-03 15:15:32 +0100 |
---|---|---|
committer | Laurent Vivier | 2020-11-04 22:28:05 +0100 |
commit | 022625a8ade3005addb42700a145bae6a1653240 (patch) | |
tree | 3086695ae65625c48212c37351e4c3b62e98ab97 | |
parent | linux-user/syscall: Fix missing target_to_host_timespec64() check (diff) | |
download | qemu-022625a8ade3005addb42700a145bae6a1653240.tar.gz qemu-022625a8ade3005addb42700a145bae6a1653240.tar.xz qemu-022625a8ade3005addb42700a145bae6a1653240.zip |
linux-user: Check copy_from_user() return value in vma_dump_size()
Coverity points out that we don't check the return value from
copy_from_user() in vma_dump_size(). This is to some extent
a "can't happen" error since we've already checked the page
with an access_ok() call earlier, but it's simple enough to
handle the error anyway.
Fixes: Coverity CID 1432362
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20201103141532.19912-1-peter.maydell@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
-rw-r--r-- | linux-user/elfload.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/linux-user/elfload.c b/linux-user/elfload.c index cae41d504d..0b02a92602 100644 --- a/linux-user/elfload.c +++ b/linux-user/elfload.c @@ -3485,7 +3485,9 @@ static abi_ulong vma_dump_size(const struct vm_area_struct *vma) if (vma->vma_flags & PROT_EXEC) { char page[TARGET_PAGE_SIZE]; - copy_from_user(page, vma->vma_start, sizeof (page)); + if (copy_from_user(page, vma->vma_start, sizeof (page))) { + return 0; + } if ((page[EI_MAG0] == ELFMAG0) && (page[EI_MAG1] == ELFMAG1) && (page[EI_MAG2] == ELFMAG2) && |