diff options
Diffstat (limited to 'linux-user/syscall.c')
| -rw-r--r-- | linux-user/syscall.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index b4a7b605f3..5b3fce3dc0 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -3901,7 +3901,7 @@ static inline abi_long do_semtimedop(int semid, unsigned nsops, abi_long timeout) { - struct sembuf sops[nsops]; + struct sembuf *sops; struct timespec ts, *pts = NULL; abi_long ret; @@ -3912,8 +3912,16 @@ static inline abi_long do_semtimedop(int semid, } } - if (target_to_host_sembuf(sops, ptr, nsops)) + if (nsops > TARGET_SEMOPM) { + return -TARGET_E2BIG; + } + + sops = g_new(struct sembuf, nsops); + + if (target_to_host_sembuf(sops, ptr, nsops)) { + g_free(sops); return -TARGET_EFAULT; + } ret = -TARGET_ENOSYS; #ifdef __NR_semtimedop @@ -3925,6 +3933,7 @@ static inline abi_long do_semtimedop(int semid, SEMTIMEDOP_IPC_ARGS(nsops, sops, (long)pts))); } #endif + g_free(sops); return ret; } #endif |