summaryrefslogtreecommitdiffstats
path: root/linux-user
diff options
context:
space:
mode:
authorPeter Maydell2018-05-18 20:47:15 +0200
committerLaurent Vivier2018-05-25 10:10:55 +0200
commit309786cfd8f701182eee845fd98e30fd5addd046 (patch)
tree387f9049e16a78acc3b5744e97343a46400304b4 /linux-user
parentlinux-user: update comments to point to tcg_exec_init() (diff)
downloadqemu-309786cfd8f701182eee845fd98e30fd5addd046.tar.gz
qemu-309786cfd8f701182eee845fd98e30fd5addd046.tar.xz
qemu-309786cfd8f701182eee845fd98e30fd5addd046.zip
linux-user: Fix payload size logic in host_to_target_cmsg()
Coverity points out that there's a missing break in the switch in host_to_target_cmsg() where we update tgt_len for cmsg_level/cmsg_type combinations which require a different length for host and target (CID 1385425). To avoid duplicating the default case (target length same as host) in both switches, set that before the switch so that only the cases which want to override it need any code. This fixes a bug where we would have used the wrong length for SOL_SOCKET/SO_TIMESTAMP messages where the target and host have differently sized 'struct timeval' (ie one is 32 bit and the other is 64 bit). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20180518184715.29833-1-peter.maydell@linaro.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Diffstat (limited to 'linux-user')
-rw-r--r--linux-user/syscall.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index dd77f86ea2..d02c16bbc6 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -1848,6 +1848,7 @@ static inline abi_long host_to_target_cmsg(struct target_msghdr *target_msgh,
/* Payload types which need a different size of payload on
* the target must adjust tgt_len here.
*/
+ tgt_len = len;
switch (cmsg->cmsg_level) {
case SOL_SOCKET:
switch (cmsg->cmsg_type) {
@@ -1857,8 +1858,8 @@ static inline abi_long host_to_target_cmsg(struct target_msghdr *target_msgh,
default:
break;
}
+ break;
default:
- tgt_len = len;
break;
}