On 23 January 2015 at 10:01, Chen Gang S <gang.c...@sunrus.com.cn> wrote: > When failure occurs during allocating vec[i], also need free all > allocated vec[i] in failure processing code block before return. > > In unlock_user(), it will check vec[i].iov_base whether is NULL, so need > not check it again outside. > > If error is EFAULT when "i == 0", vec[i].iov_base is NULL, then can just > skip it, so can still use "while (--i >= 0)" for the free looping. > > Signed-off-by: Chen Gang <gang.chen.5...@gmail.com> > --- > linux-user/syscall.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/linux-user/syscall.c b/linux-user/syscall.c > index 290fdea..a66c2ae 100644 > --- a/linux-user/syscall.c > +++ b/linux-user/syscall.c > @@ -1873,6 +1873,11 @@ static struct iovec *lock_iovec(int type, abi_ulong > target_addr, > return vec; > > fail: > + while (--i >= 0) { > + if (tswapal(target_vec[i].iov_len) > 0) { > + unlock_user(vec[i].iov_base, tswapal(target_vec[i].iov_base), 0); > + } > + } > unlock_user(target_vec, target_addr, 0); > fail2: > free(vec); > -- > 1.9.3 (Apple Git-50)
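Review bot: In the loop added under `fail:`, the guard `tswapal(target_vec[i].iov_len) > 0` is not explained anywhere; the commit message only argues that no NULL check is needed because unlock_user() already tests vec[i].iov_base. Add a one-line comment saying why zero-length entries are skipped, or drop the guard if the NULL handling in unlock_user() is sufficient on its own. The guard and the unlock_user() call also re-read `target_vec[i].iov_len` and `target_vec[i].iov_base` during cleanup, so the cleanup depends on those fields still holding the values used when each entry was locked; that assumption is worth stating. Finally, `while (--i >= 0)` is only correct if `i` is a signed type and holds the index of the failing entry on every path that reaches `fail:`. Neither is visible in this hunk, so please confirm both.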
Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>

thanks
-- PMM