From: Peter Maydell <peter.mayd...@linaro.org>
In open_self_cmdline() we look for a 0 in the buffer we read
from /prc/self/cmdline. We were incorrectly passing the length
of our buf[] array to memchr() as the length to search, rather
than the number of bytes we actually read into it, which could
be shorter. This was spotted by Coverity (because it could
result in our trying to pass a negative length argument to
write()).
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
Signed-off-by: Riku Voipio <riku.voi...@linaro.org>
---
linux-user/syscall.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index ca6a2b4..092ff4e 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -6856,7 +6856,7 @@ static int open_self_cmdline(void *cpu_env, int fd)
if (!word_skipped) {
/* Skip the first string, which is the path to qemu-*-static
instead of the actual command. */
- cp_buf = memchr(buf, 0, sizeof(buf));
+ cp_buf = memchr(buf, 0, nb_read);
if (cp_buf) {
/* Null byte found, skip one string */
cp_buf++;
--
2.1.4
