On 6 September 2015 at 00:56, Timothy E Baldwin <t.e.baldwi...@members.leeds.ac.uk> wrote: > Check array bounds in host_to_target_errno() and target_to_host_errno(). > > Signed-off-by: Timothy Edward Baldwin <t.e.baldwi...@members.leeds.ac.uk> > --- > linux-user/syscall.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/linux-user/syscall.c b/linux-user/syscall.c > index 264debc..4e40dc6 100644 > --- a/linux-user/syscall.c > +++ b/linux-user/syscall.c > @@ -566,14 +566,14 @@ static uint16_t > host_to_target_errno_table[ERRNO_TABLE_SIZE] = { > > static inline int host_to_target_errno(int err) > { > - if(host_to_target_errno_table[err]) > + if(err < ERRNO_TABLE_SIZE && host_to_target_errno_table[err]) > return host_to_target_errno_table[err]; > return err; > } > > static inline int target_to_host_errno(int err) > { > - if (target_to_host_errno_table[err]) > + if (err < ERRNO_TABLE_SIZE && target_to_host_errno_table[err]) > return target_to_host_errno_table[err]; > return err; > }
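Review bot: The new conditions in host_to_target_errno() and target_to_host_errno() bound err only from above. err is declared int in both functions, so a negative value still satisfies `err < ERRNO_TABLE_SIZE` when that comparison is signed, and the table is then read before its first element. Suggest checking both ends in each function, for example `if (err >= 0 && err < ERRNO_TABLE_SIZE && host_to_target_errno_table[err])`, with the same form for target_to_host_errno_table. Since both lines are being touched, the `if(` in the first function could also be brought in line with the `if (` spacing used in the second.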
Maybe we should also check that the passed in error value is not negative? (Given the errno-is-positive/syscall-return-negative conventions, it's an easy mistake to make...) -- PMM