The following code crashes qemu user emulation. #include <sys/types.h> #include <sys/socket.h>
int main() { accept(0,NULL,NULL); return 0; } Pablo Virolainen
Index: linux-user/syscall.c
===================================================================
RCS file: /sources/qemu/qemu/linux-user/syscall.c,v
retrieving revision 1.75
diff -u -r1.75 syscall.c
--- linux-user/syscall.c 27 Jun 2006 21:08:10 -0000 1.75
+++ linux-user/syscall.c 13 Jul 2006 10:18:57 -0000
@@ -878,9 +878,20 @@
 int sockfd = tgetl(vptr);
 target_ulong target_addr = tgetl(vptr + n);
 target_ulong target_addrlen = tgetl(vptr + 2 * n);
- socklen_t addrlen = tget32(target_addrlen);
- void *addr = alloca(addrlen);
-
+ socklen_t addrlen=0;
+ /* Just to get rid of compiler warnings */
+ ulong addrt=0;
+ void *addr;
+
+ get_user(addrlen,&target_addrlen);
+ get_user(addrt,&target_addr);
+
+ if (addrt!=0) {
+ addr = alloca(addrlen);
+ } else {
+ addr = NULL;
+ }
+
 ret = get_errno(accept(sockfd, addr, &addrlen));
 if (!is_error(ret)) {
 host_to_target_sockaddr(target_addr, addr, addrlen);
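Review bot: `addr = alloca(addrlen)` still allocates a guest-supplied length on the host stack with no upper bound, so a large value stored by the guest in *addrlen can exhaust or overrun the emulator's stack; bound it before the allocation, e.g. `if (addrlen > sizeof(struct sockaddr_storage)) return -TARGET_EINVAL;`. The replacement also reads the two values through `&target_addrlen` and `&target_addr`, the host addresses of the locals, whereas the removed line dereferenced the guest address with `tget32(target_addrlen)`; unless get_user is meant to take a host pointer here, this copies the guest pointer value rather than the length, and get_user's fault result is not checked either. On the `addrt == 0` path `host_to_target_sockaddr(target_addr, addr, addrlen)` is still reached with `addr == NULL`, which should be skipped. The enclosing function's signature and tail lie outside the hunk.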